CVE-2025-2247

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-2247

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-2247

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-2247

The CVE-2025-2247 entry concerns the WP-PManager WordPress plugin (versions 1.2 and earlier) with a CSRF vulnerability in the settings update functionality. The root cause is a lack of CSRF checks, which could allow an authenticated attacker to cause a logged-in administrator to change settings v...

CVE-2025-2248 WP-PManager <= 1.2 - Admin+ SQL Injection

The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

CVE-2025-2248 WP-PManager <= 1.2 - Admin+ SQL Injection

The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

CVE-2025-2248

Summary (CVE-2025-2248) WP-PManager WordPress plugin (versions ≤ 1.2) exposes a SQL injection risk: a parameter is not sanitized/escaped before use in a SQL statement, enabling admin-level exploitation. The root cause is improper input handling in the plugin’s database query construction. Documen...

CVE-2025-2247 WP-PManager <= 1.2 - Category Deletion via CSRF

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

WordPress plugin WP-PManager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin WP-PManager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-18045 · Mantus667 · Wp-Pmanager

Name of the Vulnerable Software and Affected Versions: WP-PManager WordPress plugin version 1.2 and earlier SAP NetWeaver affected versions not specified Description: The issue allows for SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. A...

CVE-2024-13875

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13875

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13875 WP Programmmanager <= 1.2 - Reflected XSS

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13875 WP Programmmanager <= 1.2 - Reflected XSS

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13875

CVE-2024-13875 affects the WP-PManager WordPress plugin (≤ 1.2). The vulnerability is a Reflected Cross-Site Scripting caused by not sanitizing/escaping a parameter before output, enabling an attacker to target high-privilege admin users. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:...

WordPress plugin WP-PManager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP-PManager plugin <= 1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP-PManager versions = 1.2...