VYPR

Task Manager

by WordPress

Source repositories

CVEs (5)

  • CVE-2025-60078HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task Manager: from n/a through <= 3.0.2.

  • CVE-2026-4004MedMar 21, 2026
    risk 0.42cvss 6.5epss 0.00

    The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callback_search() function and insufficient input validation that allows…

  • CVE-2026-2351MedMar 21, 2026
    risk 0.42cvss 6.5epss 0.00

    The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents…

  • CVE-2024-11096Nov 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2024-25218Feb 14, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.