Wedevs Wp Project Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Wedevs Wp Project Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-3636 — CVSS 8.8 (high): The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to…
CVE-2023-34383 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager…
CVE-2024-10174 — CVSS 7.3 (high): The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is…
CVE-2023-49860 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task…
CVE-2024-13500 — CVSS 6.5 (medium): The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is…
CVE-2024-12195 — CVSS 6.5 (medium): The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is…
CVE-2024-10548 — CVSS 6.5 (medium): The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15…
CVE-2024-13752 — CVSS 6.5 (medium): The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is…
CVE-2025-3100 — CVSS 6.4 (medium): The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is…
CVE-2025-2541 — CVSS 6.4 (medium): The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and…
CVE-2025-22649 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager…
CVE-2021-36826 — CVSS 5.4 (medium): Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP…
CVE-2024-10520 — CVSS 5.3 (medium): The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the…
CVE-2020-36745 — CVSS 4.3 (medium): The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is…