Unrated severity · NVD Advisory · Published Feb 15, 2025 · Updated Apr 8, 2026
WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
CVE-2024-13752
Description
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint in all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.
Affected products (3)
- Range: <=2.6.17
- wedevs/Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker · v5 · Range: 0
References (7)
- plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php (mitre)
- plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php (mitre)
- plugins.trac.wordpress.org/changeset/3239348/ (mitre)
- plugins.trac.wordpress.org/changeset (mitre)
- plugins.trac.wordpress.org/changeset (mitre)
- wordpress.org/plugins/wedevs-project-manager/ (mitre)
- www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e (mitre)