CVE-2025-2247

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-2247

The CVE-2025-2247 entry concerns the WP-PManager WordPress plugin (versions 1.2 and earlier) with a CSRF vulnerability in the settings update functionality. The root cause is a lack of CSRF checks, which could allow an authenticated attacker to cause a logged-in administrator to change settings v...

CVE-2025-2248 WP-PManager <= 1.2 - Admin+ SQL Injection

The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

PT-2025-18045 · Mantus667 · Wp-Pmanager

Name of the Vulnerable Software and Affected Versions: WP-PManager WordPress plugin version 1.2 and earlier SAP NetWeaver affected versions not specified Description: The issue allows for SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. A...

CVE-2024-13875

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13875

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13875

CVE-2024-13875 affects the WP-PManager WordPress plugin (≤ 1.2). The vulnerability is a Reflected Cross-Site Scripting caused by not sanitizing/escaping a parameter before output, enabling an attacker to target high-privilege admin users. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:...