5 matches found
WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin WP Project Manager versions = 2.6.22...
CVE-2025-2541
creationtimestamp| type| source ---|---|--- 2025-04-11 11:50:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11415 2025-04-11 15:37:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybxf432c 2025-04-11 16:27:16+00:00| seen| https://t.me/cvedetector/22749...
CVE-2025-2541
CVE-2025-2541 : The WP Project Manager plugin for WordPress (affected:
CVE-2025-2541 WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2025-2541 WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...