CVE-2025-12496
- EPSS 0.34%
- Veröffentlicht 17.12.2025 07:21:00
- Zuletzt bearbeitet 18.12.2025 15:08:06
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the `file` parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to re...
CVE-2025-10490
- EPSS 0.02%
- Veröffentlicht 26.09.2025 07:15:41
- Zuletzt bearbeitet 26.09.2025 14:32:19
The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authe...
CVE-2024-43916
- EPSS 0.12%
- Veröffentlicht 26.08.2024 21:15:29
- Zuletzt bearbeitet 12.09.2024 16:21:19
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.
CVE-2024-6536
- EPSS 47.47%
- Veröffentlicht 30.07.2024 06:15:04
- Zuletzt bearbeitet 10.06.2025 16:01:07
The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm...