cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12195,https://securityvulnerability.io/vulnerability/CVE-2024-12195,SQL Injection Vulnerability in WP Project Manager Plugin for WordPress,"The WP Project Manager plugin for WordPress is susceptible to SQL Injection through the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint. This vulnerability arises from inadequate input sanitization, which permits authenticated users with project access to append malicious SQL queries to legitimate database queries. Consequently, this can lead to unauthorized access and potential extraction of sensitive information from the database. All versions of the plugin up to and including 2.6.16 are impacted, highlighting the need for immediate updates to protect against potential exploitation.",Wordpress,"WP Project Manager – Task, Team, And Project Management Plugin Featuring Kanban Board And Gantt Charts",6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,false,false,false,2025-01-04T11:24:20.388Z,0
CVE-2024-10548,https://securityvulnerability.io/vulnerability/CVE-2024-10548,Sensitive Data Exposure Vulnerability in WP Project Manager Plugin for WordPress,"The WP Project Manager plugin for WordPress is critically vulnerable to sensitive information exposure due to a flaw in the REST API endpoint ('/wp-json/pm/v2/projects/1/task-lists'). This vulnerability affects all versions of the plugin up to and including 2.6.15. Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability to retrieve sensitive data, including hashed passwords of project administrators. Website owners using this plugin should urgently apply updates to prevent potential unauthorized access and safeguard sensitive information.",Wordpress,"WP Project Manager – Task, Team, And Project Management Plugin Featuring Kanban Board And Gantt Charts",6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-12-19T01:45:13.998Z,0
CVE-2024-10520,https://securityvulnerability.io/vulnerability/CVE-2024-10520,Unauthorized Data Modification Vulnerability in WP Project Manager for WordPress,"The WP Project Manager plugin for WordPress is impacted by a vulnerability that permits unauthorized users to manipulate project data. This arises from a missing capability check in the 'check' method used within the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes. As a result, unauthenticated attackers can create or delete milestones, task lists, and tasks across any projects, potentially leading to significant disruption and unauthorized alterations of project management resources. It's important to note that version 2.6.14 has only implemented a partial fix, highlighting the need for secure coding practices and prompt remediation.",Wordpress,"WP Project Manager – Task, Team, And Project Management Plugin Featuring Kanban Board And Gantt Charts",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-20T11:33:10.861Z,0
CVE-2024-10174,https://securityvulnerability.io/vulnerability/CVE-2024-10174,Unauthenticated Access to Plugin REST Routes via Insecure Direct Object Reference,"The WP Project Manager plugin, which facilitates task, team, and project management within WordPress environments, is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability arises from insufficient validation mechanisms within the 'Abstract_Permission' class, specifically concerning the 'user_id' key controlled by the end user. As a result, unauthenticated attackers can manipulate user credentials, impersonating administrators and potentially gaining unrestricted access to all REST routes of the plugin. This could enable them to alter data or exploit other vulnerabilities within the WordPress site, leading to severe security implications for users.",Wordpress,"WP Project Manager – Task, Team, And Project Management Plugin Featuring Kanban Board And Gantt Charts",7.3,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-13T03:20:08.239Z,0
CVE-2023-3636,https://securityvulnerability.io/vulnerability/CVE-2023-3636,Privilege Escalation Flaw in WP Project Manager Plugin by WordPress,"The WP Project Manager plugin for WordPress contains a flaw that allows authenticated users with minimal permissions to escalate their privileges. This vulnerability arises from inadequate restrictions on the 'save_users_map_name' function, enabling attackers, such as subscribers, to alter their user roles through manipulation of the 'usernames' parameter. Users are encouraged to update to the latest version to mitigate this risk.",Wordpress,"WP Project Manager – Task, Team, And Project Management Plugin Featuring Kanban Board And Gantt Charts",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2020-36745,https://securityvulnerability.io/vulnerability/CVE-2020-36745,Cross-Site Request Forgery Vulnerability in WP Project Manager Plugin by WordPress,"The WP Project Manager plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF). This issue arises from improper nonce validation within the do_updates() function, allowing attackers to potentially execute unauthorized updates on the WordPress site. Exploitation is possible if a site administrator is tricked into triggering a malicious request, thereby compromising the site's integrity and security.",Wordpress,"WP Project Manager – Task, Team, And Project Management Plugin Featuring Kanban Board And Gantt Charts",4.3,MEDIUM,0.005659999791532755,false,,false,false,false,,false,false,2023-07-01T04:26:51.652Z,0