Vulnerabilities and security researches forproject-panorama-lite project-panorama-lite

Jun 07, 2024

CVE, Research URL: CVE-2023-23810
Home page URL: Security reports for Panorama – WordPress Project Management Plugin
Application: Panorama – WordPress Project Management Plugin
Date: May 12, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

May 17, 2025

CVE, Research URL: CVE-2024-11843
Home page URL: Security reports for Panorama – WordPress Project Management Plugin
Application: Panorama – WordPress Project Management Plugin
Date: May 16, 2025
Research Description: The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable