WP Project Manager
weDevs
Developer
3.0.3
Latest version
7,000
Installations
No date
Last updated
Vulnerability history
1 present
21 patched
11 Mitigation rules
- Sensitive Data Exposure vulnerability<= 3.0.126/12/2025
- Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' vulnerability<= 2.6.2614/11/2025
- Sensitive Data Exposure Vulnerability<= 2.6.2522/09/2025
- Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 2.6.2211/04/2025
- Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 2.6.2208/04/2025
- Cross Site Request Forgery (CSRF) Vulnerability< 2.6.2504/04/2025
- Authenticated (Subscriber+) SQL Injection via orderby Parameter vulnerability<= 2.6.1714/02/2025
- Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability<= 2.6.1714/02/2025
- Cross Site Scripting (XSS) vulnerability<= 2.6.2203/02/2025
- Authenticated (Subscriber+) SQL Injection vulnerability<= 2.6.1604/01/2025
- Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability<= 2.6.1519/12/2024
- SQL Injection vulnerability<= 2.6.2603/12/2024
- Missing Authorization to Project Milestone and Task Creation/Deletion vulnerability<= 2.6.1420/11/2024
- Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability<= 2.6.1313/11/2024
- Broken Access Control vulnerability<= 2.6.707/12/2023
- Cross Site Scripting (XSS) vulnerability< 2.6.907/12/2023
- Cross Site Request Forgery (CSRF) vulnerability<= 2.6.004/09/2023
- SQL Injection vulnerability<= 2.6.004/09/2023
- Arbitrary Usermeta Update to Authenticated Privilege Escalation<= 2.6.409/08/2023
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.4.1311/10/2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.4.901/03/2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.4.016/09/2020