CVE-2024-13752
MEDIUMWP Project Manager < 2.6.18 - Authenticated Persistent Denial of Service via Settings Notice Endpoint
Title source: llmDescription
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.
References (7)
Core 7
Core References
Product, Release Notes
https://wordpress.org/plugins/wedevs-project-manager/#developers
Scores
CVSS v3
6.5
EPSS
0.0048
EPSS Percentile
37.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
wedevs/Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker
< 2.6.17
wedevs/wp_project_manager
< 2.6.18
Published
Feb 15, 2025
Tracked Since
Feb 18, 2026