Unauthorized Data Loss in WP Project Manager Plugin by WeDevs
CVE-2024-13752
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 15 February 2025
What is CVE-2024-13752?
The WP Project Manager plugin for WordPress is susceptible to unauthorized data loss due to a missing capability check on the '/pm/v2/settings/notice' endpoint. This vulnerability affects all versions of the plugin up to and including 2.6.17, allowing authenticated attackers with Subscriber-level access or higher to exploit the flaw, potentially leading to a persistent denial of service condition.
Affected Version(s)
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts * <= 2.6.17