4 matches found
CVE-2023-3636
The CVE-2023-3636 entry concerns the WP Project Manager WordPress plugin (versions
WordPress WP Project Manager 2.6.4 Privilege Escalation
Description: WP Project Manager = 2.6.4 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts Plugin Slug: wedevs-project-manager Affected Versions: =...
weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin
On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible...
WordPress WP Project Manager Plugin <= 2.6.4 is vulnerable to Broken Access Control
Software WP Project Manager Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.6.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3636 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID dbb52708f7ad Credits István Márton Required...