Lucene search
K

557 matches found

RedhatCVE
RedhatCVE
added 2025/09/24 6:32 p.m.3 views

CVE-2025-58269

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:16 p.m.4 views

CVE-2025-58269

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...

5.3CVSS0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:23 p.m.2 views

CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:23 p.m.10 views

CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...

5.3CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 6:23 p.m.10 views

CVE-2025-58269

CVE-2025-58269 affects WP Project Manager (weDevs). The vulnerability is described as a hard-coded credentials issue that could allow retrieval of embedded sensitive data from WP Project Manager versions up to 2.6.25. The connected data indicates no published exploit details in the provided docs,...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.7 views

PT-2025-38931

Name of the Vulnerable Software and Affected Versions weDevs WP Project Manager versions through 2.6.25 Description The software contains hard-coded credentials, potentially allowing retrieval of embedded sensitive data. Recommendations Update weDevs WP Project Manager to a version later than...

5.3CVSS6.6AI score0.0027EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.2 views

WordPress plugin WP Project Manager 信任管理问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A vulnerabilit...

5.3CVSS6.6AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 2:21 a.m.2 views

MAL-2025-47419 Malicious code in webpikes (npm)

The package webpikes was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.4 views

CVE-2025-54714

Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.201...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2025/08/28 1:16 p.m.4 views

CVE-2025-54714

Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.201...

7.1CVSS0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/28 12:37 p.m.1 views

CVE-2025-54714 WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201...

7.1CVSS6.4AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2025/08/28 12:37 p.m.17 views

CVE-2025-54714

CVE-2025-54714 involves Zephyr Project Manager (WordPress plugin) with a Missing Authorization/Broken Access Control issue affecting versions through 3.3.201. Reported details include CVSS v3.1 base score 7.1 (High) with network attack vector, low privileges required, no user interaction, confide...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/28 12:37 p.m.9 views

CVE-2025-54714 WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.201...

7.1CVSS0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.3 views

WordPress plugin Zephyr Project Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.1CVSS6.5AI score0.00203EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/08/26 12:15 p.m.5 views

WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Zephyr Project Manager versions = 3.3.201...

7.1CVSS6.7AI score0.00203EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:48 a.m.11 views

CVE-2024-43322

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100...

9.8CVSS6.9AI score0.00367EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:21 a.m.12 views

CVE-2024-7356

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.6 views

CVE-2024-12195

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'projectid' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 d...

6.5CVSS6.6AI score0.00426EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:59 a.m.16 views

CVE-2024-6536

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.4CVSS5.7AI score0.0072EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.9 views

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS6.5AI score0.00384EPSS
Exploits0References1
Rows per page
Query Builder