WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection
CVE-2023-34383

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Project Manager
Vendor: CVE Published:; 3 November 2023

Summary

A vulnerability in the weDevs WP Project Manager plugin has been identified, allowing attackers to exploit improper neutralization of special elements used in SQL commands. This SQL Injection issue affects the plugin versions from n/a to 2.6.0 and could potentially allow unauthorized access to sensitive data within the database, highlighting the necessity for timely updates and patches to ensure user data protection.

Affected Version(s)

WP Project Manager <= 2.6.0

References

https://patchstack.com/database/vulnerability/wedevs-proj...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

Theodoros Malachias (Patchstack Alliance)