Wedevs Wp Project Manager

7 matches found

added 2025/01/04 12:15 p.m. | 87 views

CVE-2024-12195

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 du...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0009
added 2024/12/19 2:15 a.m. | 79 views

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level ac...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00157
added 2025/02/15 10:15 a.m. | 64 views

CVE-2024-13752

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint in all versions up to, and including, 2.6.17. This makes...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00438
added 2023/12/14 5:15 p.m. | 59 views

CVE-2023-49860

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS. This issue affects WP Project Manager – Task, team, and project manag...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00181
added 2025/04/09 5:15 a.m. | 59 views

CVE-2025-3100

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping i...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00032
added 2025/04/11 12:15 p.m. | 49 views

CVE-2025-2541

The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abo...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00043
added 2025/02/15 12:15 p.m. | 42 views

CVE-2024-13500

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parame...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.00043