Wedevs Wp Project Manager

16 matches found

added 2025/01/04 12:15 p.m., 87 views

CVE-2024-12195

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 du...

CVSS 6.5 | AI score 6.6 | EPSS 0.0009

added 2024/12/19 2:15 a.m., 79 views

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level ac...

CVSS 6.5 | AI score 6.5 | EPSS 0.0014

added 2022/04/04 8:15 p.m., 67 views

CVE-2021-36826

Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin

CVSS 5.4 | AI score 5.2 | EPSS 0.00231

added 2024/12/13 3:15 p.m., 65 views

CVE-2023-40003

Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through 2.6.7.

CVSS 9.8 | AI score 6.5 | EPSS 0.00205

added 2025/02/15 10:15 a.m., 64 views

CVE-2024-13752

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint in all versions up to, and including, 2.6.17. This makes...

CVSS 6.5 | AI score 6.7 | EPSS 0.00309

added 2023/12/14 5:15 p.m., 59 views

CVE-2023-49860

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS. This issue affects WP Project Manager – Task, team, and project manag...

CVSS 6.5 | AI score 6.1 | EPSS 0.00181

added 2024/11/13 4:15 a.m., 59 views

CVE-2024-10174

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_i...

CVSS 7.3 | AI score 7 | EPSS 0.00063

added 2025/04/09 5:15 a.m., 59 views

CVE-2025-3100

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping i...

CVSS 6.4 | AI score 6 | EPSS 0.00032

added 2025/04/11 12:15 p.m., 49 views

CVE-2025-2541

The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abo...

CVSS 6.4 | AI score 5.7 | EPSS 0.00043

added 2025/04/04 4:15 p.m., 43 views

CVE-2025-32280

Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22.

CVSS 8.8 | AI score 4.7 | EPSS 0.00022

added 2025/02/15 12:15 p.m., 42 views

CVE-2024-13500

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parame...

CVSS 6.5 | AI score 7.4 | EPSS 0.00034

added 2025/03/27 3:15 p.m., 41 views

CVE-2025-22649

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS. This issue affects WP Project Manager: from n/a through 2.6.22.

CVSS 5.9 | AI score 5.8 | EPSS 0.00036

added 2023/08/31 6:15 a.m., 36 views

CVE-2023-3636

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modi...

CVSS 8.8 | AI score 8.5 | EPSS 0.0011

added 2024/11/20 12:15 p.m., 36 views

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticate...

CVSS 5.3 | AI score 5 | EPSS 0.00074

added 2023/11/03 12:15 p.m., 31 views

CVE-2023-34383

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0.

CVSS 9.8 | AI score 9.9 | EPSS 0.0021

added 2023/07/01 5:15 a.m., 26 views

CVE-2020-36745

The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged re...

CVSS 8.8 | AI score 8.2 | EPSS 0.00267