cleantalk
Vulnerabilities and Security Researches

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts, CVE-2020-36745

CVE, Research URL

CVE-2020-36745

Home page URL

Security reports for WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Application

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Published on
Jul 01, 2023
Research Description
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.4.1.
Status
vulnerable
Previous vulnerability researches
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2023-40003) , Jun 10, 2024
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2024-10174) , Nov 13, 2024
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2023-3636) , Jun 07, 2024
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2024-13752) , Feb 17, 2025
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2020-36745) , Jun 07, 2024
New vulnerability
AAWP Obfuscator (CVE-2025-3432) , Apr 09, 2025
coreActivity: Activity Logging plugin for WordPress (CVE-2025-3436) , Apr 09, 2025
Easy Contact (CVE-2025-30970) , Apr 08, 2025
DyaPress ERP/CRM (CVE-2025-30582) , Apr 08, 2025
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links (CVE-2025-1264) , Apr 07, 2025