
18 matches found

Positive Technologies
added 2025/12/29 12:0 a.m. · 3 views

PT-2025-53814

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager versions through 3.0.1 Description: A flaw exists in weDevs WP Project Manager that allows for the retrieval of embedded sensitive data. The issue involves the insertion of sensitive information into sent data...

CVSS 6.5 · AI score 6.2 · EPSS 0.00038
Exploits 0 · References 3

Vulnrichment
added 2025/11/15 5:45 a.m. · 2 views

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

CVSS 6.5 · AI score 6.1 · EPSS 0.00027
Exploits 0 · References 3

Positive Technologies
added 2025/11/15 12:0 a.m. · 7 views

PT-2025-47042

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions prior to 2.6.27 Description: The WP Project Manager plugin for WordPress is susceptible to a time-based SQL Injection issue. This is due to inadequate escaping of user-supplied input and...

CVSS 6.5 · AI score 7 · EPSS 0.00027
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-30519

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.5 · EPSS 0.00042
Exploits 0 · References 2

RedhatCVE
added 2025/09/24 6:32 p.m. · 1 views

CVE-2025-58269

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 2.6.25...

CVSS 5.3 · AI score 5.9 · EPSS 0.00042
Exploits 0 · References 1

NVD
added 2025/09/22 7:16 p.m. · 0 views

CVE-2025-58269

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 2.6.25...

CVSS 5.3 · EPSS 0.00042
Exploits 0 · References 1

CVE
added 2025/09/22 6:23 p.m. · 6 views

CVE-2025-58269

CVE-2025-58269 affects WP Project Manager (weDevs). The vulnerability is described as a hard-coded credentials issue that could allow retrieval of embedded sensitive data from WP Project Manager versions up to 2.6.25. The connected data indicates no published exploit details in the provided docs,...

CVSS 5.3 · AI score 5.9 · EPSS 0.00042
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:17 a.m. · 1 views

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 5.6 · EPSS 0.00296
Exploits 0 · References 1

OSV
added 2025/04/04 4:15 p.m. · 1 views

CVE-2025-32280

Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22...

CVSS 8.8 · AI score 7.3 · EPSS 0.00309
Exploits 0 · References 1

CVE
added 2025/02/15 11:26 a.m. · 47 views

CVE-2024-13500

CVE-2024-13500 affects the WordPress plugin “WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts”. It describes a time-based SQL Injection via the orderby parameter in all versions up to 2.6.17, caused by insufficient escaping and inadequat...

CVSS 6.5 · AI score 7.4 · EPSS 0.00087
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2025/02/15 12:0 a.m. · 2 views

WordPress plugin WP Project Manager SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 6.5 · AI score 8.9 · EPSS 0.00087
Exploits 0 · References 4

Patchstack
added 2025/02/14 11:25 p.m. · 1 views

WordPress WP Project Manager plugin <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter vulnerability

Authenticated (Subscriber+) SQL Injection via orderby Parameter vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Project Manager versions <= 2.6.17...

CVSS 6.5 · AI score 8.1 · EPSS 0.00087
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/12/19 9:8 p.m. · 1 views

WordPress WP Project Manager plugin <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability

Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WP Project Manager versions <= 2.6.15...

CVSS 6.5 · AI score 7 · EPSS 0.00809
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/12/13 3:15 p.m. · 0 views

CVE-2023-40003

Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through 2.6.7...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1

CNNVD
added 2024/12/13 12:0 a.m. · 1 views

WordPress plugin WP Project Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 8.6 · EPSS 0.00574
Exploits 0 · References 1

Positive Technologies
added 2024/11/13 12:0 a.m. · 1 views

PT-2024-16088 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: The WP Project Manager versions up to, and including, 2.6.13 Description: The issue is related to Insecure Direct Object Reference, which affects the plugin due to missing validation on the user id user-controlled key in the Abstract Permissi...

CVSS 7.3 · AI score 9.4 · EPSS 0.00309
Exploits 0 · References 11

CNNVD
added 2023/08/11 12:0 a.m. · 4 views

WordPress Plugin WP Project Manager Permission License and Access Control Issues Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A permission permission and...

CVSS 8.8 · AI score 6.8 · EPSS 0.001
Exploits 1 · References 5

Patchstack
added 2023/08/09 12:0 a.m. · 11 views

WordPress WP Project Manager Plugin <= 2.6.4 is vulnerable to Broken Access Control

Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.4; Fixed in: 2.6.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3636; Patch priority: High; CVSS severity: High 8.8; PSID: dbb52708f7ad; Credits: István Márton; Required...

CVSS 8.8 · AI score 6.4 · EPSS 0.001
Exploits 1 · References 3 · Affected Software 1