GCVE - cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wedevs:wp_project_manager:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wedevs (`74af2ef9-c755-5b07-93a2-5a3afa051904`)
Product	Wp Project Manager (`e5b738c2-9876-5ff3-b13a-c01a31ef6911`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wedevsofficial/wp-project-manager`	purl2cpe	2026-06-01 10:15:48.827407
`pkg:github/wp-plugins/wedevs-project-manager`	purl2cpe	2026-06-01 10:15:48.827410
`pkg:github/wpplugins/wedevs-project-manager`	purl2cpe	2026-06-01 10:15:48.827413

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-68040`	vulnerable	2026-06-03 15:11:02.762477	WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability MEDIUM (6.5) Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1. Published: 2025-12-29T23:25:11.382Z Updated: 2026-04-28T16:14:27.401Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-29-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-58269`	vulnerable	2026-06-03 15:06:21.074178	WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability MEDIUM (5.3) Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25. Published: 2025-09-22T18:23:15.563Z Updated: 2026-05-13T00:21:37.687Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-25-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-32280`	vulnerable	2026-06-03 15:00:40.399739	WordPress WP Project Manager plugin < 2.6.25 - Cross Site Request Forgery (CSRF) Vulnerability MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25. Published: 2025-04-04T15:59:49.424Z Updated: 2026-04-28T16:12:20.936Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22649`	vulnerable	2026-06-03 14:59:41.055400	WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through <= 2.6.22. Published: 2025-03-27T15:05:39.426Z Updated: 2026-04-28T16:11:03.967Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-17-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12015`	vulnerable	2026-06-03 14:54:15.427964	SQL Injection in WordPress Project Manager Plugin HIGH (7.7) The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route. Published: 2024-12-02T13:23:50.027Z Updated: 2024-12-02T19:18:41.867Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2024-47	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40003`	vulnerable	2026-06-03 14:52:42.332055	WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability MEDIUM (6.5) Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7. Published: 2024-12-13T14:24:03.519Z Updated: 2026-04-29T09:51:49.303Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-7-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-34383`	vulnerable	2026-06-03 14:52:16.605756	WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection HIGH (8.5) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. Published: 2023-11-03T11:11:51.699Z Updated: 2026-04-28T16:08:29.120Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-task-team-and-project-management-plugin-featuring-kanban-board-and-gantt-charts-plugin-2-6-0-sql-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.