Zephyr Project Manager

Laravel Tech Community

Nov 3, 2022 · Information Security

Cross-Site Request Forgery Vulnerability in WordPress Zephyr Project Manager Plugin (CVE-2022-2839)

The Zephyr Project Manager plugin for WordPress versions prior to 3.2.55 suffers from an unauthenticated CSRF flaw that allows attackers to impersonate administrators and execute malicious actions, including stored XSS, due to missing authorization checks and insufficient input sanitization.

CSRFCVE-2022-2839WordPress

0 likes · 2 min read

Cross-Site Request Forgery Vulnerability in WordPress Zephyr Project Manager Plugin (CVE-2022-2839)