Wedevs

Wp Project Manager

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-40003

  • EPSS 0.31%
  • Veröffentlicht 13.12.2024 15:15:21
  • Zuletzt bearbeitet 05.02.2025 14:28:12

Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7.

7.7

CVE-2024-12015

  • EPSS 0.37%
  • Veröffentlicht 02.12.2024 14:15:05
  • Zuletzt bearbeitet 02.12.2024 14:15:05

The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.

5.3

CVE-2024-10520

  • EPSS 0.33%
  • Veröffentlicht 20.11.2024 12:15:18
  • Zuletzt bearbeitet 05.02.2025 16:51:57

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version ...

7.3

CVE-2024-10174

  • EPSS 0.17%
  • Veröffentlicht 13.11.2024 04:15:03
  • Zuletzt bearbeitet 05.02.2025 16:48:14

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permissio...

5.4

CVE-2023-49860

  • EPSS 0.18%
  • Veröffentlicht 14.12.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:33:57

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects W...

9.8

CVE-2023-34383

  • EPSS 0.21%
  • Veröffentlicht 03.11.2023 12:15:08
  • Zuletzt bearbeitet 21.11.2024 08:07:08

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.

8.8

CVE-2023-3636

  • EPSS 0.08%
  • Veröffentlicht 31.08.2023 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:17:43

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with ...

8.8

CVE-2020-36745

  • EPSS 0.11%
  • Veröffentlicht 01.07.2023 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:30:12

The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthentic...

5.4

CVE-2021-36826

  • EPSS 0.22%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:14:09

Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.