WP Project Manager
weDevs
Developer
3.0.2
Latest version
7,000
Installations
No date
Last updated
Vulnerability history
1 present
21 fixed
11 Mitigation rules
- Sensitive Data Exposure vulnerability<= 3.0.1Dec 26, 2025
- Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' vulnerability<= 2.6.26Nov 14, 2025
- Sensitive Data Exposure Vulnerability<= 2.6.25Sep 22, 2025
- Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 2.6.22Apr 11, 2025
- Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability<= 2.6.22Apr 8, 2025
- Cross Site Request Forgery (CSRF) Vulnerability< 2.6.25Apr 4, 2025
- Authenticated (Subscriber+) SQL Injection via orderby Parameter vulnerability<= 2.6.17Feb 14, 2025
- Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability<= 2.6.17Feb 14, 2025
- Cross Site Scripting (XSS) vulnerability<= 2.6.22Feb 3, 2025
- Authenticated (Subscriber+) SQL Injection vulnerability<= 2.6.16Jan 4, 2025
- Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability<= 2.6.15Dec 19, 2024
- SQL Injection vulnerability<= 2.6.26Dec 3, 2024
- Missing Authorization to Project Milestone and Task Creation/Deletion vulnerability<= 2.6.14Nov 20, 2024
- Insecure Direct Object Reference to Unauthenticated Authorization Bypass vulnerability<= 2.6.13Nov 13, 2024
- Broken Access Control vulnerability<= 2.6.7Dec 7, 2023
- Cross Site Scripting (XSS) vulnerability< 2.6.9Dec 7, 2023
- Cross Site Request Forgery (CSRF) vulnerability<= 2.6.0Sep 4, 2023
- SQL Injection vulnerability<= 2.6.0Sep 4, 2023
- Arbitrary Usermeta Update to Authenticated Privilege Escalation<= 2.6.4Aug 9, 2023
- Stored Cross-Site Scripting (XSS) vulnerability<= 2.4.13Oct 11, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.4.9Mar 1, 2021
- Cross-Site Request Forgery (CSRF) vulnerability<= 2.4.0Sep 16, 2020