What the vulnerability does
01 Description
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager (wedevs-project-manager) allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 2.6.25.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
WP Project Manager versions up to 2.6.25 contain a hardcoded credential vulnerability. An attacker with network access can read sensitive information by exploiting this flaw without authentication. The vulnerability allows disclosure of confidential data but does not permit modification or service disruption. Update to a version newer than 2.6.25 to remediate.
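To confirm whether a given site still runs an affected release, the check below reads the plugin's version header and compares it with the last affected version. It is an added example, not code from the plugin or from this advisory's publisher; the plugins directory path passed to `audit` and the sample header are assumptions, and only the slug and version bound come from the advisory.

```python
import re
from pathlib import Path

LAST_AFFECTED = (2, 6, 25)              # advisory: affected through <= 2.6.25
PLUGIN_SLUG = "wedevs-project-manager"  # plugin slug as given in the advisory

# WordPress reads plugin metadata from a comment header in the main PHP file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample header, used only to demonstrate the parser.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Constructed Sample
 * Version: 2.6.25
 */
"""

def parse_header_version(php_source):
    """Return the Version header as a tuple of ints, or None if absent."""
    head = php_source[:8192]  # WordPress only scans the first 8 KB of the file
    m = VERSION_RE.search(head)
    if not m or "Plugin Name:" not in head:
        return None
    nums = re.findall(r"\d+", m.group(1).split("-")[0])  # drop "-beta1" style suffixes
    return tuple(int(n) for n in nums) if nums else None

def is_affected(version):
    """True when version <= 2.6.25; pads so that 2.6.25.0 equals 2.6.25."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)

def audit(wp_plugins_dir):
    """Return 'not-installed', 'affected', 'updated' or 'unknown'."""
    plugin_dir = Path(wp_plugins_dir) / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    for php in sorted(plugin_dir.glob("*.php")):
        version = parse_header_version(php.read_text(errors="replace"))
        if version is not None:
            return "affected" if is_affected(version) else "updated"
    return "unknown"  # no readable header: review this install by hand

if __name__ == "__main__":
    v = parse_header_version(SAMPLE_HEADER)
    print(v, "affected" if is_affected(v) else "updated")
```

An `unknown` result means the plugin directory exists but no version header could be read, so it should be treated as unpatched until checked manually.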
What an attacker can do
Read sensitive information from the plugin without logging in.
Potential impact on your site
Confidential data may be exposed to unauthenticated attackers, including project details or configuration.
Conditions required to exploit
Network access to the WordPress site; no authentication or user interaction required.