3 matches found
CVE-2024-13752 WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This mak...
CVE-2024-13752 WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This mak...
CVE-2024-13752
CVE-2024-13752 concerns the WP Project Manager WordPress plugin (versions up to and including 2.6.17). A missing capability check on the /pm/v2/settings/notice endpoint allows an authenticated user with Subscriber-level access and above to perform a limited arbitrary options update that can lead ...