9 matches found
WordPress ProjectList plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. The WordPress ProjectList plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping of parameter ids, which can be exploited by a...
CVE-2025-13376
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
CVE-2025-13370
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13370
CVE-2025-13370 (WordPress ProjectList plugin) is a time-based SQL Injection affecting the ProjectList plugin for WordPress in versions up to and including 0.3.0. The root cause is insufficient escaping of the id parameter and inadequate preparation of the existing SQL query, enabling authenticate...
EUVD-2025-199566
The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13376 ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
CVE-2025-13376
The CVE-2025-13376 entry concerns the WordPress ProjectList plugin with versions up to 0.3.0, where missing file-type validation allows authenticated users with Editor-level access or higher to upload arbitrary files to the server. This vulnerability potentially enables remote code execution. Pub...
CVE-2025-13376 ProjectList <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's...
PT-2025-48005
Name of the Vulnerable Software and Affected Versions ProjectList versions prior to 0.3.1 Description The ProjectList plugin for WordPress is susceptible to unauthorized file uploads because of inadequate file type validation. This allows attackers with Editor-level access or higher to upload...