
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker — Vulnerabilities & Security Advisories

All 11 CVE vulnerabilities found in Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker, with AI-generated Chinese analysis, references, and POCs.

Vendor: wedevs

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8994 | WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' | CWE-89 | 6.5 | Medium | 2025-11-15 |
| CVE-2025-2541 | WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | CWE-79 | 6.4 | Medium | 2025-04-11 |
| CVE-2025-3100 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | CWE-79 | 6.4 | Medium | 2025-04-09 |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | CWE-89 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | CWE-862 | 6.5 | Medium | 2025-02-15 |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | CWE-89 | 6.5 | Medium | 2025-01-04 |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | CWE-200 | 6.5 | Medium | 2024-12-19 |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion | CWE-862 | 5.3 | Medium | 2024-11-20 |
| CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | CWE-639 | 7.3 | High | 2024-11-13 |
| CVE-2023-3636 | WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation | CWE-269 | 8.8 | High | 2023-08-31 |
| CVE-2020-36745 | WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass | CWE-352 | 4.3 | Medium | 2023-07-01 |
