10 matches found
CVE-2022-2840
Summary (CVE-2022-2840 – Zephyr Project Manager WordPress plugin) The Zephyr Project Manager WordPress plugin (versions prior to 3.2.5) is vulnerable to SQL injection due to unsanitized/uncleaned input used in SQL queries via multiple AJAX actions, accessible to unauthenticated and authenticated ...
CVE-2022-2839
CVE-2022-2839 affects the Zephyr Project Manager WordPress plugin prior to 3.2.55. The vulnerability stems from missing authorization and CSRF protection on all AJAX actions, enabling unauthenticated calls. Additionally, lack of input sanitisation/escaping could allow Stored XSS against logged-in...
CVE-2024-43322
CVE-2024-43322 is an Authorization Bypass Through User-Controlled Key affecting Zephyr Project Manager (versions up to 3.3.100, vendor not specified in Initial). The vulnerability has a high impact per CVSS v3.1 (Critical, 9.8) with network attack vector, no user interaction required, and high co...
CVE-2024-43915
CVE-2024-43915 affects the Zephyr Project Manager WordPress plugin (versions up to 3.3.102). The issue is a Reflected Cross-Site Scripting (XSS) vulnerability arising from improper input neutralization during page generation. Public documentation from Patchstack cites vulnerable versions
CVE-2024-38761
CVE-2024-38761 is a vulnerability in the WordPress Zephyr Project Manager plugin, affecting Zephyr Project Manager versions n/a through 3.3.99 (i.e.,
CVE-2024-7624
CVE-2024-7624 affects the Zephyr Project Manager WordPress plugin. Versions up to 3.3.101 are vulnerable to limited privilege escalation due to update_user_access() not properly checking user capabilities, enabling authenticated users with subscriber-level access and above to grant themselves ful...
CVE-2024-37484
CVE-2024-37484 relates to Zephyr Project Manager. The Zephyr Project Manager product (affected versions from n/a up to 3.3.97) is vulnerable to Privilege Escalation via a User Meta Update when accessed by an authenticated user with LOW privileges. The issue is categorized under Improper Privileg...
CVE-2022-3333
CVE-2022-3333 affects Zephyr Project Manager up to 3.2.4. The issue resides in the REST Call Handler’s file /v1/tasks/create/, where manipulation of the onanimationstart argument enables cross-site scripting. The vulnerability can be triggered remotely, implying network-accessible exploitation. A...
CVE-2025-32526
CVE-2025-32526 affects Zephyr Project Manager (WordPress plugin) up to version 3.3.101. Description: Improper neutralization of input during web page generation leading to Reflected Cross-Site Scripting. Public sources in connected documents confirm the Vulnerability Details for Zephyr Project Ma...
CVE-2024-7356
CVE-2024-7356 affects the Zephyr Project Manager plugin for WordPress. It is a Stored Cross-Site Scripting (XSS) via the filename parameter in versions up to and including 3.3.100, enabled for authenticated users at Subscriber level and above. Root cause: insufficient input sanitization and outpu...