📦 Wp Project Manager

The WP Project Manager plugin for WordPress has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to impersonate administrators by manipulating the 'user_id' para...

The WP Project Manager WordPress plugin up to version 2.6.4 contains a privilege escalation vulnerability. Authenticated attackers with minimal permissions (such as subscribers) can modify their user ...

The WP Project Manager WordPress plugin has a stored XSS vulnerability in SVG file uploads affecting all versions up to 2.6.22. Authenticated attackers with Author-level access can inject malicious sc...

A Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows attackers to trick authenticated administrators into performing unintended actions. This affects WordPress sites r...

This vulnerability allows authenticated attackers with Subscriber-level access or higher to perform time-based SQL injection attacks via the 'orderby' parameter in the WP Project Manager plugin. Attac...

The WP Project Manager WordPress plugin exposes hashed passwords and other sensitive data through an insecure REST API endpoint. Authenticated attackers with Subscriber-level access or higher can expl...