Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker

Information

Software Type Plugin
Software Slug wedevs-project-manager (view on wordpress.org)
Software Status Active
Software Author wedevs
Software Website wedevs.com
Software Downloads 676,325
Software Active Installs 6,000
Software Record Last Updated June 18, 2026

Showing 1-20 of 22 Vulnerabilities

Submit a Vulnerability
Project Manager <= 3.0.1 - Authenticated (Subscriber+) Information Exposure
4.3
CVE-2025-68040
Dec 26, 2025
Researcher: MD ISMAIL
WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'
6.5
CVE-2025-8994
Nov 14, 2025
Researcher: mikemyers
WP Project Manager <= 2.6.25 - Unauthenticated Sensitive Information Exposure
5.3
CVE-2025-58269
Sep 22, 2025
Researcher: Legion Hunter
WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-2025-2541
Apr 10, 2025
Researcher: Avraham Shemesh
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
6.4
CVE-2025-3100
Apr 8, 2025
Researcher: siavashvafshar
WP Project Manager <= 2.6.24 - Cross-Site Request Forgery
4.3
CVE-2025-32280
Apr 4, 2025
Researcher: Manab Jyoti Dowarah
WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter
6.5
CVE-2024-13500
Feb 14, 2025
Researcher: Krzysztof Zając
WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
6.5
CVE-2024-13752
Feb 14, 2025
Researcher: Krzysztof Zając
WP Project Manager <= 2.6.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2025-22649
Feb 3, 2025
Researcher: Manab Jyoti Dowarah
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection
6.5
CVE-2024-12195
Jan 3, 2025
Researcher: Trương Hữu Phúc (truonghuuphuc)
WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API
6.5
CVE-2024-10548
Dec 18, 2024
Researcher: Noah Stead (TurtleBurg)
WP Project Manager <= 2.6.31 - Authenticated (Project Manager+) SQL Injection
6.5
CVE-2024-12015
Dec 2, 2024
Researcher: Joshua Martinelle
WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion
5.3
CVE-2024-10520
Nov 19, 2024
Researcher: Noah Stead (TurtleBurg)
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass
7.3
CVE-2024-10174
Nov 12, 2024
Researcher: stealthcopter
WP Project Manager <= 2.6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2023-49860
Dec 7, 2023
Researcher: lttn
WP Project Manager <= 2.6.7 - Missing Authorization
5.3
CVE-2023-40003
Dec 7, 2023
Researcher: lttn
WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2023-34383
Sep 4, 2023
Researcher: Theodoros Malachias
WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2023-3636
Jul 24, 2023
Researchers: Chloe Chamberland, István Márton
Appsero <= 1.2.1 - Missing Authorization
4.3
CVE ID Unknown
Dec 16, 2022
Researchers:
Appsero <= 1.2.0 - Cross-Site Request Forgery
4.3
CVE-2022-47150
Dec 14, 2022
Researcher: István Márton
Title Status CVE ID CVSS Researchers Date
Project Manager <= 3.0.1 - Authenticated (Subscriber+) Information Exposure Patched CVE-2025-68040 4.3 MD ISMAIL December 26, 2025
WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' Patched CVE-2025-8994 6.5 mikemyers November 14, 2025
WP Project Manager <= 2.6.25 - Unauthenticated Sensitive Information Exposure Patched CVE-2025-58269 5.3 Legion Hunter September 22, 2025
WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload Patched CVE-2025-2541 6.4 Avraham Shemesh April 10, 2025
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload Patched CVE-2025-3100 6.4 siavashvafshar April 8, 2025
WP Project Manager <= 2.6.24 - Cross-Site Request Forgery Patched CVE-2025-32280 4.3 Manab Jyoti Dowarah April 4, 2025
WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter Patched CVE-2024-13500 6.5 Krzysztof Zając February 14, 2025
WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update Patched CVE-2024-13752 6.5 Krzysztof Zając February 14, 2025
WP Project Manager <= 2.6.22 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2025-22649 4.4 Manab Jyoti Dowarah February 3, 2025
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection Patched CVE-2024-12195 6.5 Trương Hữu Phúc (truonghuuphuc) January 3, 2025
WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API Patched CVE-2024-10548 6.5 Noah Stead (TurtleBurg) December 18, 2024
WP Project Manager <= 2.6.31 - Authenticated (Project Manager+) SQL Injection Patched CVE-2024-12015 6.5 Joshua Martinelle December 2, 2024
WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion Patched CVE-2024-10520 5.3 Noah Stead (TurtleBurg) November 19, 2024
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass Patched CVE-2024-10174 7.3 stealthcopter November 12, 2024
WP Project Manager <= 2.6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting Patched CVE-2023-49860 6.4 lttn December 7, 2023
WP Project Manager <= 2.6.7 - Missing Authorization Patched CVE-2023-40003 5.3 lttn December 7, 2023
WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection Patched CVE-2023-34383 8.8 Theodoros Malachias September 4, 2023
WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation Patched CVE-2023-3636 8.8 Chloe Chamberland, István Márton July 24, 2023
Appsero <= 1.2.1 - Missing Authorization Patched 4.3 December 16, 2022
Appsero <= 1.2.0 - Cross-Site Request Forgery Patched CVE-2022-47150 4.3 István Márton December 14, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation