Vulnerabilities (CVE)

Filtered by vendor Zephyr-one Subscribe

Filtered by product Zephyr Project Manager

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-2840	1 Zephyr-one	1 Zephyr Project Manager	2024-09-03	N/A	9.8 CRITICAL
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
CVE-2024-43915	1 Zephyr-one	1 Zephyr Project Manager	2024-08-28	N/A	5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102.