CVE-2022-2840

CVE-2022-2840: Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

Vendor Unknown

Product Zephyr Project Manager

Weakness CWE-89 · SQLi

Published September 19, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections

Key dates

02Disclosure timeline

September 19, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2840 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-11454 Specific Content For Mobile – Customize the mobile version without redirections <= 0.5.5 - Authenticated (Contributor+) SQL Injection CVE-2025-6096 codesiddhant Jasmin Ransomware dashboard.php sql injection CVE-2024-4932 SourceCodester Simple Online Bidding System sql injection CVE-2024-6007 Netentsec NS-ASG Application Security Gateway deleteiscgwrouteconf.php sql injection CVE-2025-28967 WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability