Wedevs

Wp Project Manager

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-8994

  • EPSS 0.03%
  • Veröffentlicht 15.11.2025 05:45:33
  • Zuletzt bearbeitet 18.11.2025 14:06:55

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and inc...

5.3

CVE-2025-58269

  • EPSS 0.04%
  • Veröffentlicht 22.09.2025 18:23:15
  • Zuletzt bearbeitet 22.09.2025 21:22:16

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through 2.6.25.

5.4

CVE-2025-2541

  • EPSS 0.02%
  • Veröffentlicht 11.04.2025 11:11:56
  • Zuletzt bearbeitet 06.05.2025 14:09:58

The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

5.4

CVE-2025-3100

  • EPSS 0.02%
  • Veröffentlicht 09.04.2025 04:21:20
  • Zuletzt bearbeitet 14.07.2025 17:27:25

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insu...

8.8

CVE-2025-32280

  • EPSS 0.02%
  • Veröffentlicht 04.04.2025 16:15:39
  • Zuletzt bearbeitet 09.04.2025 16:24:47

Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22.

4.8

CVE-2025-22649

  • EPSS 0.05%
  • Veröffentlicht 27.03.2025 15:15:57
  • Zuletzt bearbeitet 10.04.2025 15:17:19

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through 2.6.22.

6.5

CVE-2024-13500

  • EPSS 0.12%
  • Veröffentlicht 15.02.2025 12:15:30
  • Zuletzt bearbeitet 24.02.2025 12:33:48

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to ...

6.5

CVE-2024-13752

  • EPSS 0.42%
  • Veröffentlicht 15.02.2025 10:15:08
  • Zuletzt bearbeitet 24.02.2025 12:30:24

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all ...

6.5

CVE-2024-12195

  • EPSS 0.24%
  • Veröffentlicht 04.01.2025 12:15:22
  • Zuletzt bearbeitet 05.02.2025 16:50:05

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoin...

6.5

CVE-2024-10548

  • EPSS 0.33%
  • Veröffentlicht 19.12.2024 02:15:22
  • Zuletzt bearbeitet 05.02.2025 16:49:13

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for ...