WordPress · Zephyr Project Manager · CVE-2025-12496
**Name of the Vulnerable Software and Affected Versions**
Zephyr Project Manager versions prior to 3.3.204
**Description**
The Zephyr Project Manager plugin for WordPress is susceptible to a Directory Traversal issue via the `file` parameter. This allows authenticated attackers with Custom-level access or higher to read arbitrary files on the server, potentially exposing sensitive information. If `allow_url_fopen` is enabled on the server, this issue can also lead to Server-Side Request Forgery.
**Recommendations**
Update Zephyr Project Manager to version 3.3.204 or later.
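
For sites that maintain their own code accepting a file name from a request, the sketch below shows the two checks that close both halves of this bug class: refusing stream-wrapper URLs (the `allow_url_fopen` path to SSRF) and confining the resolved path to one directory. It is an added example, not Zephyr Project Manager code or its patch; `resolve_upload_path()`, the directory layout and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not plugin code. resolve_upload_path() and the demo
// directory layout are hypothetical names chosen for illustration.

function resolve_upload_path(string $baseDir, string $file): ?string
{
    // Reject anything shaped like scheme:// (http, ftp, php, phar, ...) and
    // NUL bytes. With allow_url_fopen on, PHP file functions would otherwise
    // fetch a remote URL, which is the SSRF half of this bug class.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $file) || strpos($file, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses "..", "." and symlinks and returns false when the
    // target does not exist, so the check below sees the real location.
    $real = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($real === false || !is_file($real)) {
        return null;
    }

    // Containment check. The trailing separator stops a sibling such as
    // "/uploads-old" from passing as a child of "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . '/zpm_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/report.txt', 'inside');
file_put_contents($root . '/secret.txt', 'outside');

// Constructed inputs: one legitimate name, one traversal, one remote URL.
foreach (['report.txt', '../secret.txt', 'http://example.invalid/'] as $f) {
    $p = resolve_upload_path($root . '/uploads', $f);
    printf("%-26s => %s\n", $f, $p === null ? 'rejected' : 'allowed');
}
```

Disabling `allow_url_fopen` in `php.ini` where the site does not need it removes the remote-fetch path independently of any application-level check.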