Zephyr Project Manager — Vulnerabilities & Security Advisories (18)

All 18 CVE vulnerabilities found in Zephyr Project Manager, with AI-generated Chinese analysis, references, and POCs.

Vendor: dylanjkotze

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-12496 | Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery | CWE-22 | 4.9 | Medium | 2025-12-17 |
| CVE-2025-10490 | Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2025-09-26 |
| CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability | CWE-862 | 7.1 | High | 2025-08-28 |
| CVE-2025-32526 | WordPress Zephyr Project Manager plugin <= 3.3.101 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-39552 | WordPress Zephyr Project Manager plugin <= 3.3.200 - Broken Access Control Vulnerability | CWE-862 | 5.4 | Medium | 2025-04-16 |
| CVE-2024-43915 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.5 | Medium | 2024-08-26 |
| CVE-2024-43916 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | CWE-639 | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43322 | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability | CWE-639 | 5.4 | Medium | 2024-08-18 |
| CVE-2024-7624 | Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation | CWE-285 | 8.1 | High | 2024-08-15 |
| CVE-2024-7356 | Zephyr Project Manager <= 3.3.100 - Authenticated (Subscriber+) Stored Cross-Site Scripting via filename Parameter | CWE-79 | 6.4 | Medium | 2024-08-03 |
| CVE-2024-38761 | WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability | CWE-200 | 7.5 | High | 2024-08-01 |
| CVE-2024-6536 | Zephyr Project Manager < 3.3.99 - Editor+ XSS | | 4.8 (AI) | Medium (AI) | 2024-07-30 |
| CVE-2024-37484 | WordPress Zephyr Project Manager plugin <= 3.3.97 - Privilege Escalation vulnerability | CWE-269 | 8.8 | High | 2024-07-09 |
| CVE-2023-31237 | WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection | CWE-601 | 4.7 | Medium | 2023-12-29 |
| CVE-2023-34373 | WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF) | CWE-352 | 5.4 | Medium | 2023-06-19 |
| CVE-2022-2839 | Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS | CWE-79 | 6.1 | - | 2022-10-03 |
| CVE-2022-2840 | Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi | CWE-89 | 9.8 | - | 2022-09-19 |
| CVE-2022-1822 | Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting | CWE-79 | 6.1 | Medium | 2022-06-13 |

All 18 known CVE vulnerabilities affecting Zephyr Project Manager with full Chinese analysis, references, and POCs where available.