Zephyr-one

Zephyr Project Manager

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-32526

  • EPSS 0.02%
  • Veröffentlicht 17.04.2025 15:47:41
  • Zuletzt bearbeitet 11.07.2025 12:57:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS. This issue affects Zephyr Project Manager: from n/a through 3.3.101.

5.4

CVE-2024-43915

  • EPSS 0.05%
  • Veröffentlicht 26.08.2024 21:15:29
  • Zuletzt bearbeitet 28.08.2024 17:44:45

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102.

9.8

CVE-2024-43322

  • EPSS 0.05%
  • Veröffentlicht 18.08.2024 22:15:11
  • Zuletzt bearbeitet 11.02.2025 19:32:20

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.

8.1

CVE-2024-7624

  • EPSS 0.55%
  • Veröffentlicht 15.08.2024 03:15:05
  • Zuletzt bearbeitet 11.02.2025 20:13:25

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to...

5.4

CVE-2024-7356

  • EPSS 0.22%
  • Veröffentlicht 03.08.2024 10:15:51
  • Zuletzt bearbeitet 11.02.2025 20:12:23

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible...

7.5

CVE-2024-38761

  • EPSS 0.72%
  • Veröffentlicht 01.08.2024 22:15:25
  • Zuletzt bearbeitet 11.02.2025 19:31:28

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99.

8.8

CVE-2024-37484

  • EPSS 0.27%
  • Veröffentlicht 09.07.2024 12:15:14
  • Zuletzt bearbeitet 10.02.2025 15:06:59

Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97.

5.4

CVE-2022-2839

Exploit
  • EPSS 0.36%
  • Veröffentlicht 03.10.2022 14:15:17
  • Zuletzt bearbeitet 21.11.2024 07:01:47

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of saniti...

5.4

CVE-2022-3333

Exploit
  • EPSS 0.21%
  • Veröffentlicht 28.09.2022 05:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:18

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart...

9.8

CVE-2022-2840

Exploit
  • EPSS 1.34%
  • Veröffentlicht 19.09.2022 14:15:11
  • Zuletzt bearbeitet 21.11.2024 07:01:47

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections