WordPress Task Manager Pro plugin <=1.3.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Cross-Site Scripting XSS vulnerabilities found in WordPress Task Manager Pro premium plugin version 1.3.1 and earlier versions by 8bitsec. Solution 2017.07.29 - We were unable to find information about patched release of WordPress Task Manager Pro plugin. The last record on...

WordPress Task Manager Pro <= 1.3.1 - Authenticated SQL Injection

Blind SQL Injection on task-details page task parameter. Logged as a follower: https://localhost/wp/wp-admin/admin.php?page=task-details&task=6+and+sleep1+and+1%3D1...

WordPress Task Manager Pro <= 1.3.1 - Authenticated SQL Injection

Blind SQL Injection on task-details page task parameter. PoC Logged as a follower: https://localhost/wp/wp-admin/admin.php?page=task-details=6+and+sleep1+and+1%3D1...

Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

Multiple authenticated XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...

WordPress Task Manager Pro plugin <=1.3.1 - Authenticated SQL Injection vulnerability

Authenticated SQL Injection vulnerability found in WordPress Task Manager Pro premium plugin version 1.3.1 and earlier versions by 8bitsec. Solution 2017.07.29 - We were unable to find information about patched release of WordPress Task Manager Pro plugin. The last record on the changelog of the...

WordPress Task Manager Pro 1.31 Cross Site Scripting

Exploit Title: WordPress Task Manager Pro 1.31 - Multiple vulnerabilities Date: 2017-07-11 Exploit Author: 8bitsec Vendor Homepage: https://www.w3bd.com/ Software Link: http://codecanyon.net/item/task-manager-pro-all-in-one-project-based-task-management-plugin-for-wordrpress/19864872 Version: 1.3...

Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

Multiple authenticated XSS vulnerabilities found logged as a low privileged user. PoC Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...