Wedevs Wp_project_manager
16 CVEs affecting Wedevs Wp_project_manager. Latest disclosed: 2025-04-11. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-3636 | High | 8.8 | 2023-08-31 | The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on th… |
CVE-2023-34383 | High | 8.5 | 2023-11-03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows S… |
CVE-2024-10174 | High | 7.3 | 2024-11-13 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direc… |
CVE-2024-13500 | Medium | 6.5 | 2025-02-15 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL… |
CVE-2024-13752 | Medium | 6.5 | 2025-02-15 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized l… |
CVE-2024-12195 | Medium | 6.5 | 2025-01-04 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection… |
CVE-2024-10548 | Medium | 6.5 | 2024-12-19 | The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task L… |
CVE-2023-40003 | Medium | 6.5 | 2024-12-13 | Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels… |
CVE-2023-49860 | Medium | 6.5 | 2023-12-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project manag… |
CVE-2025-2541 | Medium | 6.4 | 2025-04-11 | The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due… |
CVE-2025-3100 | Medium | 6.4 | 2025-04-09 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-S… |
CVE-2025-22649 | Medium | 5.9 | 2025-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows S… |
CVE-2021-36826 | Medium | 5.4 | 2022-04-04 | Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugi… |
CVE-2024-10520 | Medium | 5.3 | 2024-11-20 | The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the '… |
CVE-2025-32280 | Medium | 4.3 | 2025-04-04 | Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Pro… |
CVE-2020-36745 | Medium | 4.3 | 2023-07-01 | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or inco… |