Skip to main content

Zephyr Project Manager

14 CVEs product

Monthly

CVE-2024-43916 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.3.102. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zephyr Project Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-43915 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.3.102. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zephyr Project Manager
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43322 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.3.100. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zephyr Project Manager
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7624 HIGH PATCH This Week

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Zephyr Project Manager
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7356 MEDIUM PATCH This Month

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Zephyr Project Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38761 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.3.99. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr Project Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-6536 MEDIUM POC This Month

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zephyr Project Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-37484 HIGH This Week

Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.3.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zephyr Project Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-31237 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.3.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Zephyr Project Manager
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-34373 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zephyr Project Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-2839 MEDIUM POC This Month

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Zephyr Project Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3333 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zephyr Project Manager
NVD VulDB WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2840 CRITICAL POC Act Now

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Zephyr Project Manager
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
9.7%
CVE-2022-1822 MEDIUM PATCH This Month

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Zephyr Project Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
3.0%
EPSS 0% CVSS 7.1
HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.3.102. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zephyr Project Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.3.102. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zephyr Project Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.3.100. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zephyr Project Manager
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Zephyr Project Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.3.99. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr Project Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zephyr Project Manager
NVD WPScan
EPSS 0% CVSS 8.8
HIGH This Week

Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.3.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zephyr Project Manager
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.3.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Zephyr Project Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zephyr Project Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress +1
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zephyr Project Manager
NVD VulDB WPScan
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Zephyr Project Manager
NVD WPScan Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Zephyr Project Manager
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy