CVE-2024-12015: SQL Injection in WordPress Project Manager Plugin

7.7 CVSS

Description

The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.

Classification

CVE ID: CVE-2024-12015

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

Affected Products

Vendor: WeDevs

Product: WP Project Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.tenable.com/security/research/tra-2024-47

Timeline

2024-12-03 00:11:39 UTC
CVE

SQL Injection in WordPress Project Manager Plugin