Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/04/11 5:2 a.m.17 views

CVE-2025-3100

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping...

6.4CVSS5.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 5:15 a.m.23 views

CVE-2025-3100

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping...

6.4CVSS0.00264EPSS
Exploits0References3
Circl
Circl
added 2025/04/09 4:47 a.m.9 views

CVE-2025-3100

creationtimestamp| type| source ---|---|--- 2025-04-09 04:47:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11022 2025-04-09 07:32:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmehvtfbbc2h 2025-04-09 08:24:38+00:00| seen| https://t.me/cvedetector/22538...

6.4CVSS8.7AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/09 4:21 a.m.25 views

CVE-2025-3100 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping...

6.4CVSS0.00264EPSS
Exploits0References3
CVE
CVE
added 2025/04/09 4:21 a.m.81 views

CVE-2025-3100

CVE-2025-3100 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WP Project Manager plugin for WordPress. The issue arises from insufficient input sanitization and output escaping in the tasks discussion, enabling an authenticated user with Subscriber-level access (and those grant...

6.4CVSS6AI score0.00264EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2025/04/08 9:41 p.m.7 views

WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by siavashvafshar in WordPress Plugin WP Project Manager versions = 2.6.22...

6.4CVSS6.3AI score0.00264EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder