CVE-2023-49860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

CVE-2023-40003

Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through = 2.6.7...

CVE-2025-68040

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 3.0.1...

WordPress plugin WP Project Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-68040 WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 3.0.1...

CVE-2025-8994

CVE-2025-8994 : WP Project Manager (WordPress) is vulnerable to a time-based SQL Injection via the completed_at_operator parameter in all versions up to 2.6.26. Exploitation requires authenticated access at Subscriber level or higher and can be used to extract sensitive data from the database. Pu...

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

EUVD-2021-23402

Malware in sbrugna...

EUVD-2025-9774

Malicious code in bioql PyPI...

EUVD-2023-53768

Malicious code in bioql PyPI...

EUVD-2024-51743

Malicious code in bioql PyPI...

EUVD-2023-38463

Malicious code in bioql PyPI...

EUVD-2025-8471

Malicious code in bioql PyPI...

EUVD-2023-44626

Malicious code in bioql PyPI...

EUVD-2025-10798

Malicious code in bioql PyPI...

EUVD-2024-51634

Malicious code in bioql PyPI...

EUVD-2024-33429

Malicious code in bioql PyPI...

PT-2025-38931

Name of the Vulnerable Software and Affected Versions weDevs WP Project Manager versions through 2.6.25 Description The software contains hard-coded credentials, potentially allowing retrieval of embedded sensitive data. Recommendations Update weDevs WP Project Manager to a version later than...

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2023-3636

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'saveusersmapname' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modif...