Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zephyr project manager project zephyr project manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2840
The Zephyr Project Manager WordPress plugin prior to 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Zephyr Project Manager Project Zephyr Project Manager
1 EDB exploit
NA
CVE-2023-34373
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
Zephyr Project Manager Project Zephyr Project Manager
NA
CVE-2023-31237
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a up to and including 3.3.9.
Zephyr Project Manager Project Zephyr Project Manager
4.3
CVSSv2
CVE-2022-1822
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated ...
Zephyr Project Manager Project Zephyr Project Manager
NA
CVE-2022-3333
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting...
Zephyr-one Zephyr Project Manager
NA
CVE-2022-2839
The Zephyr Project Manager WordPress plugin prior to 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it coul...
Zephyr-one Zephyr Project Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started