9 matches found
PT-2025-51819
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
EUVD-2022-4988
Malicious code in bioql PyPI...
WordPress Zephyr Project Manager Plugin <=3.3.102 is vulnerable to Cross Site Scripting (XSS)
Software: Zephyr Project Manager; Type: Plugin; Vulnerable versions: <=3.3.102; Fixed in: 3.3.103; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43915; Patch priority: Low; CVSS severity: Low (5.5); PSID: 0c91a5f449d6; Credits: Trương Hữu Phúc truonghuuphu...
PT-2024-37697 · WordPress · Zephyr Project Manager
Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager WordPress plugin versions prior to 3.3.99 Description: The issue allows high privilege users, such as editors and admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not...
UBUNTU-CVE-2022-2839
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...
PT-2020-15356 · Jenkins · Credentials Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr Enterprise Test Management Plugin versions 1.9.1 and earlier Description: The issue concerns the storage of the Zephyr password in plain text on the Jenkins master file system, specifically in the global configuration file...
CVE-2019-1003084
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11374 · Jenkins · Jenkins Zephyr Enterprise Test Management Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr Enterprise Test Management Plugin affected versions not specified Description: A cross-site request forgery issue exists in the ZeeDescriptor#doTestConnection form validation method, allowing attackers to initiate a connection t...
PT-2019-11375 · Jenkins · Jenkins Zephyr Enterprise Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr Enterprise Test Management Plugin affected versions not specified Description: A missing permission check in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a...