Zephyr-one Zephyr Project Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Zephyr-one Zephyr Project Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2022-2840 — CVSS 9.8 (critical): The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL…
CVE-2024-7624 — CVSS 8.1 (high): The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including…
CVE-2024-38761 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr…
CVE-2025-32526 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager…
CVE-2024-7356 — CVSS 6.4 (medium): The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all…
CVE-2024-43915 — CVSS 5.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project…
CVE-2024-43322 — CVSS 5.4 (medium): Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project…
CVE-2022-2839 — CVSS 5.4 (medium): The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing…
CVE-2022-3333 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of…