Wedevs Wp Project Manager
By the Year
In 2024 there have been 0 vulnerabilities in Wedevs Wp Project Manager . Last year Wp Project Manager had 5 security vulnerabilities published. Right now, Wp Project Manager is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 5 | 8.20 |
| 2022 | 1 | 5.40 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Wp Project Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Wedevs Wp Project Manager Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts
CVE-2023-49860
5.4 - Medium
- December 14, 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.
XSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager
CVE-2023-34383
9.8 - Critical
- November 03, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.
SQL Injection
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to
CVE-2023-3636
8.8 - High
- August 31, 2023
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0
CVE-2020-36745
8.8 - High
- July 01, 2023
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
Authenticated (subscriber or higher user role if
CVE-2021-36826
5.4 - Medium
- April 04, 2022
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Wedevs Wp Project Manager or by Wedevs? Click the Watch button to subscribe.
