2 matches found
CVE-2022-2839 Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...
CVE-2022-2839
CVE-2022-2839 affects the Zephyr Project Manager WordPress plugin prior to 3.2.55. The vulnerability stems from missing authorization and CSRF protection on all AJAX actions, enabling unauthenticated calls. Additionally, lack of input sanitisation/escaping could allow Stored XSS against logged-in...