WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts, CVE-2023-3636

CVE, Research URL: CVE-2023-3636
Home page URL: Security reports for WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Application: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Published on: Aug 31, 2023
Research Description: The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.
Affected versions: Min -, max 2.6.1.
Status: vulnerable

WP Project Manager &#8211; Task, team, and project management plugin featuring kanban board and gantt charts, CVE-2023-3636