What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1.
Explanation of Vulnerability in Simple Terms
02Summary
WP Project Manager versions 3.0.1 and earlier contain an information disclosure vulnerability. An attacker with low-level site access can read sensitive data they should not have permission to view. The vulnerability requires valid user credentials but no additional user interaction. Update to a version newer than 3.0.1 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive data from the plugin that should be restricted to higher-privilege users.
Potential impact on your site
04Site Impact
User data, project details, or other confidential information may be exposed to low-privilege site members.
Conditions required to exploit
05Prerequisites
Valid WordPress user account with low-level permissions (e.g., subscriber or contributor role).
Key dates
06Disclosure timeline
December 29, 2025
CVE published
April 28, 2026
Record updated