Medium 4.9
2025-12-17< 3.3.204
CVE-2025-12496
Zephyr Project Manager
Minimum safe version
3.3.204
Update to 3.3.204 or later to address 25 fixable vulnerabilities
Latest available3.3.205 ✓
Medium 4.4
2025-09-26< 3.3.203
Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting
High 7.1
2025-08-28< 3.3.202
CVE-2025-54714
Medium 5.4
2025-04-16< 3.3.201
CVE-2025-39552
Medium 6.1
2025-04-17< 3.3.102
CVE-2025-32526
High 7.1
2024-08-26< 3.3.103
CVE-2024-43916
Medium 5.4
2024-08-26< 3.3.103
CVE-2024-43915
Critical 9.8
2024-08-18< 3.3.101
CVE-2024-43322
High 8.1
2024-08-15< 3.3.102
CVE-2024-7624
Medium 5.4
2024-08-05< 3.3.101
WordPress Zephyr Project Manager Plugin <= 3.3.100 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-07-30< 3.3.99
CVE-2024-6536
High 7.5
2024-08-01< 3.3.100
CVE-2024-38761
High 8.8
2024-07-09< 3.3.99
CVE-2024-37484
Medium 5.4
2023-06-19< 3.3.94
CVE-2023-34373
N/A
< 3.2.5
Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS
N/A
< 3.2.5
Zephyr Project Manager < 3.2.5 - Reflected Cross-Site Scripting
Medium 4.7
2023-12-29< 3.3.10
CVE-2023-31237
N/A
2022-08-29< 3.2.5
Zephyr Project Manager <= 3.2.42 - Missing Authorization to Cross-Site Scripting
N/A
2022-08-29< 3.2.5
Zephyr Project Manager <= 3.2.42 - Reflected Cross-Site Scripting
Medium 5.4
2022-10-03< 3.2.55
CVE-2022-2839
Medium 5.4
2022-09-28< 3.2.5
CVE-2022-3333
N/A
2022-08-29< 3.2.5
WordPress Zephyr Project Manager plugin <= 3.2.42 - Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2022-08-29< 3.2.5
WordPress Zephyr Project Manager plugin <= 3.2.42 - Unauthorized REST Calls to Stored Cross-Site Scripting (XSS) vulnerability
Critical 9.8
2022-09-19< 3.2.5
CVE-2022-2840
Medium 6.1
2022-06-13< 3.2.41
CVE-2022-1822