WordPress plugin Zephyr Project Manager 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...

CVE-2025-39552 WordPress Zephyr Project Manager plugin <= 3.3.200 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.200...

WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Zephyr Admin Theme versions = 1.4.1...

WordPress Zephyr Project Manager Plugin <= 3.3.102 is vulnerable to Insecure Direct Object References (IDOR)

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.102 Fixed in 3.3.103 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-43916 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 104ce6eeba62 Credits...

WordPress Zephyr Project Manager Plugin <=3.3.102 is vulnerable to Cross Site Scripting (XSS)

Software Zephyr Project Manager Type Plugin Vulnerable versions =3.3.102 Fixed in 3.3.103 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43915 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 0c91a5f449d6 Credits Trương Hữu Phúc truonghuuphu...

WordPress Zephyr Project Manager plugin <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via filename Parameter vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions = 3.3.100...

WordPress Zephyr Project Manager Plugin <= 3.3.100 is vulnerable to Cross Site Scripting (XSS)

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.100 Fixed in 3.3.101 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7356 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0c46a2e71933 Credits wesley...

WordPress Zephyr Project Manager Plugin < 3.3.99 is vulnerable to Cross Site Scripting (XSS)

Software Zephyr Project Manager Type Plugin Vulnerable versions 3.3.99 Fixed in 3.3.99 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6536 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7446412b149f Credits Adrian Peña...

WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zephyr Project Manager Type Plugin Vulnerable versions = 3.3.93 Fixed in 3.3.94 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-34373 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 598837ada134 Credits...