Zephyr Project Manager@* Security Vulnerabilities and Issues — Zephyr Project Manager@* CVE List

Lucene search

Zephyr Project Manager ProjectZephyr Project Manager*

3 matches found

CVE•added 2022/06/13 1:15 p.m.•68 views

CVE-2022-1822

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.02975EPSS

CVE•added 2022/09/19 2:15 p.m.•63 views

CVE-2022-2840

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections

9.8CVSS9.6AI score0.0099EPSS

CVE•added 2022/10/03 2:15 p.m.•61 views

CVE-2022-2839

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to ...

5.4CVSS5.4AI score0.00168EPSS