Zephyr Project Manager Project Zephyr Project Manager vulnerabilities
3 known vulnerabilities affecting zephyr_project_manager_project/zephyr_project_manager.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-34373P4HIGHCVSS 8.8≤ 3.3.932023-06-19
CVE-2023-34373 [HIGH] CWE-352 CVE-2023-34373: Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
nvd
CVE-2023-31237P4MEDIUMCVSS 6.1fixed in 3.3.912023-12-29
CVE-2023-31237 [MEDIUM] CWE-601 CVE-2023-31237: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Mana
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.
nvd
CVE-2022-1822P4MEDIUMCVSS 6.1fixed in 3.2.412022-06-13
CVE-2022-1822 [MEDIUM] CWE-79 CVE-2022-1822: The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfull
nvd