557 matches found
CVE-2025-58269
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...
CVE-2025-58269
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...
CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...
CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...
CVE-2025-58269
CVE-2025-58269 affects WP Project Manager (weDevs). The vulnerability is described as a hard-coded credentials issue that could allow retrieval of embedded sensitive data from WP Project Manager versions up to 2.6.25. The connected data indicates no published exploit details in the provided docs,...
PT-2025-38931
Name of the Vulnerable Software and Affected Versions weDevs WP Project Manager versions through 2.6.25 Description The software contains hard-coded credentials, potentially allowing retrieval of embedded sensitive data. Recommendations Update weDevs WP Project Manager to a version later than...
WordPress plugin WP Project Manager 信任管理问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A vulnerabilit...
MAL-2025-47419 Malicious code in webpikes (npm)
The package webpikes was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
CVE-2025-54714
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.201...
CVE-2025-54714
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.201...
CVE-2025-54714 WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201...
CVE-2025-54714
CVE-2025-54714 involves Zephyr Project Manager (WordPress plugin) with a Missing Authorization/Broken Access Control issue affecting versions through 3.3.201. Reported details include CVSS v3.1 base score 7.1 (High) with network attack vector, low privileges required, no user interaction, confide...
CVE-2025-54714 WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.201...
WordPress plugin Zephyr Project Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Zephyr Project Manager versions = 3.3.201...
CVE-2024-43322
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100...
CVE-2024-7356
The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-12195
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'projectid' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 d...
CVE-2024-6536
The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-10548
The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...