| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 09:24:24 | Deep Dive |
| CVE-2025-23497 | WordPress Simple Project Manager plugin <= 1.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | albdesign | Simple Project Manager | High | 7.1 | 2025-01-16 20:06:02 | Deep Dive |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-01-04 11:24:20 | Deep Dive |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2024-12-19 01:45:14 | Deep Dive |
| CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability | weDevs | WP Project Manager | 中危 | - | 2024-12-13 14:24:04 | Deep Dive |
| CVE-2024-12015 | SQL Injection in WordPress Project Manager Plugin | WeDevs | WP Project Manager | High | 7.7 | 2024-12-02 13:23:50 | Deep Dive |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 5.3 | 2024-11-20 11:33:11 | Deep Dive |
| CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | High | 7.3 | 2024-11-13 03:20:08 | Deep Dive |
| CVE-2024-44014 | WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability | Vmax Studio | Vmax Project Manager | Critical | 9.6 | 2024-10-05 10:53:36 | Deep Dive |
| CVE-2024-8945 | CodeCanyon RISE Ultimate Project Manager save sql injection | CodeCanyon | RISE Ultimate Project Manager | Medium | 5.5 | 2024-09-17 18:00:13 | Deep Dive |
| CVE-2024-43915 | WordPress Zephyr Project Manager plugin <=3.3.102 - Cross Site Scripting (XSS) vulnerability | Dylan James | Zephyr Project Manager | Medium | 5.5 | 2024-08-26 20:31:28 | Deep Dive |
| CVE-2024-43916 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | Dylan James | Zephyr Project Manager | Medium | 4.3 | 2024-08-26 20:23:11 | Deep Dive |
| CVE-2024-43322 | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability | Dylan James | Zephyr Project Manager | Medium | 5.4 | 2024-08-18 21:31:11 | Deep Dive |
| CVE-2024-7624 | Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation | dylanjkotze | Zephyr Project Manager | High | 8.1 | 2024-08-15 02:30:37 | Deep Dive |
| CVE-2024-7356 | Zephyr Project Manager <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter | dylanjkotze | Zephyr Project Manager | Medium | 6.4 | 2024-08-03 09:37:20 | Deep Dive |
| CVE-2024-38761 | WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability | Dylan James | Zephyr Project Manager | High | 7.5 | 2024-08-01 21:26:54 | Deep Dive |
| CVE-2024-6536 | Zephyr Project Manager < 3.3.99 - Editor+ XSS | Unknown | Zephyr Project Manager | - | - | 2024-07-30 06:00:11 | Deep Dive |
| CVE-2024-37484 | WordPress Zephyr Project Manager plugin <= 3.3.97 - Privilege Escalation vulnerability | Dylan James | Zephyr Project Manager | High | 8.8 | 2024-07-09 11:47:08 | Deep Dive |
| CVE-2024-37224 | WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability | smartypants | SP Project & Document Manager | High | 7.5 | 2024-07-09 09:59:20 | Deep Dive |
| CVE-2024-3749 | SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR | Unknown | SP Project & Document Manager | - | - | 2024-05-15 06:00:05 | Deep Dive |