Zephyr-one

Zephyr Project Manager

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-32526

  • EPSS 0.02%
  • Published 17.04.2025 15:47:41
  • Last modified 11.07.2025 12:57:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS. This issue affects Zephyr Project Manager: from n/a through 3.3.101.

5.4

CVE-2024-43915

  • EPSS 0.05%
  • Published 26.08.2024 21:15:29
  • Last modified 28.08.2024 17:44:45

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102.

9.8

CVE-2024-43322

  • EPSS 0.05%
  • Published 18.08.2024 22:15:11
  • Last modified 11.02.2025 19:32:20

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.

8.1

CVE-2024-7624

  • EPSS 0.55%
  • Published 15.08.2024 03:15:05
  • Last modified 11.02.2025 20:13:25

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to...

5.4

CVE-2024-7356

  • EPSS 0.22%
  • Published 03.08.2024 10:15:51
  • Last modified 11.02.2025 20:12:23

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible...

7.5

CVE-2024-38761

  • EPSS 0.72%
  • Published 01.08.2024 22:15:25
  • Last modified 11.02.2025 19:31:28

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99.

8.8

CVE-2024-37484

  • EPSS 0.27%
  • Published 09.07.2024 12:15:14
  • Last modified 10.02.2025 15:06:59

Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97.

5.4

CVE-2022-2839

Exploit
  • EPSS 0.36%
  • Published 03.10.2022 14:15:17
  • Last modified 21.11.2024 07:01:47

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of saniti...

5.4

CVE-2022-3333

Exploit
  • EPSS 0.21%
  • Published 28.09.2022 05:15:09
  • Last modified 21.11.2024 07:19:18

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart...

9.8

CVE-2022-2840

Exploit
  • EPSS 1.34%
  • Published 19.09.2022 14:15:11
  • Last modified 21.11.2024 07:01:47

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections