
Dylanjkotze

dylanjkotze

2 CVEs • 1 product

Products (1)


CVEs (2)

Vendors: Dylanjkotze (1)
Products: Zephyr Project Manager (1)
Updated: Sep 12, 2024
Published: Aug 26, 2024
CVSS: v4 N/A; v3 7.1 HIGH; v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.102.

Vendors: Dylanjkotze (1)
Products: Zephyr Project Manager (1)
Updated: Jun 10, 2025
Published: Jul 30, 2024
CVSS: v4 N/A; v3 5.4 MEDIUM; v2 N/A
The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).