| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12496 | Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery | dylanjkotze | Zephyr Project Manager | Medium | 4.9 | 2025-12-17 07:21:01 | Deep Dive |
| CVE-2025-10490 | Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting | dylanjkotze | Zephyr Project Manager | Medium | 4.4 | 2025-09-26 06:43:30 | Deep Dive |
| CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability | Dylan James | Zephyr Project Manager | High | 7.1 | 2025-08-28 12:37:35 | Deep Dive |
| CVE-2025-32526 | WordPress Zephyr Project Manager plugin <= 3.3.101 - Cross Site Scripting (XSS) vulnerability | Dylan James | Zephyr Project Manager | High | 7.1 | 2025-04-17 15:47:41 | Deep Dive |
| CVE-2025-39552 | WordPress Zephyr Project Manager plugin <= 3.3.200 - Broken Access Control Vulnerability | Dylan James | Zephyr Project Manager | Medium | 5.4 | 2025-04-16 12:44:36 | Deep Dive |
| CVE-2024-43915 | WordPress Zephyr Project Manager plugin <=3.3.102 - Cross Site Scripting (XSS) vulnerability | Dylan James | Zephyr Project Manager | Medium | 5.5 | 2024-08-26 20:31:28 | Deep Dive |
| CVE-2024-43916 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | Dylan James | Zephyr Project Manager | Medium | 4.3 | 2024-08-26 20:23:11 | Deep Dive |
| CVE-2024-43322 | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability | Dylan James | Zephyr Project Manager | Medium | 5.4 | 2024-08-18 21:31:11 | Deep Dive |
| CVE-2024-7624 | Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation | dylanjkotze | Zephyr Project Manager | High | 8.1 | 2024-08-15 02:30:37 | Deep Dive |
| CVE-2024-7356 | Zephyr Project Manager <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter | dylanjkotze | Zephyr Project Manager | Medium | 6.4 | 2024-08-03 09:37:20 | Deep Dive |
| CVE-2024-38761 | WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability | Dylan James | Zephyr Project Manager | High | 7.5 | 2024-08-01 21:26:54 | Deep Dive |
| CVE-2024-6536 | Zephyr Project Manager < 3.3.99 - Editor+ XSS | Unknown | Zephyr Project Manager | - | - | 2024-07-30 06:00:11 | Deep Dive |
| CVE-2024-37484 | WordPress Zephyr Project Manager plugin <= 3.3.97 - Privilege Escalation vulnerability | Dylan James | Zephyr Project Manager | High | 8.8 | 2024-07-09 11:47:08 | Deep Dive |
| CVE-2023-31237 | WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection | Dylan James | Zephyr Project Manager | Medium | 4.7 | 2023-12-29 09:56:51 | Deep Dive |
| CVE-2023-34373 | WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF) | Dylan James | Zephyr Project Manager | Medium | 5.4 | 2023-06-19 12:33:32 | Deep Dive |
| CVE-2022-2839 | Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS | Unknown | Zephyr Project Manager | 中危 | - | 2022-10-03 13:45:24 | Deep Dive |
| CVE-2022-3333 | Zephyr Project Manager REST Call cross site scripting | Zephyr | Project Manager | Low | 3.5 | 2022-09-28 04:35:12 | Deep Dive |
| CVE-2022-2840 | Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi | Unknown | Zephyr Project Manager | 超危 | - | 2022-09-19 00:00:00 | Deep Dive |
| CVE-2022-1822 | Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting | dylanjkotze | Zephyr Project Manager | Medium | 6.1 | 2022-06-13 12:25:29 | Deep Dive |