R1Z4X

**Name of the Vulnerable Software and Affected Versions** Taskbuilder WordPress plugin versions prior to 1.0.8 **Description** The issue allows any authenticated user to perform Stored Cross-Site Scripting by attaching a malicious SVG file to a task, due to the lack of validation and sanitization of task attachments. **Recommendations** For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting the ability to attach files to tasks or disabling the attachment feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Zephyr Project Manager versions prior to 3.2.55 **Description** The issue concerns a lack of authorization and CSRF protection in all AJAX actions of the plugin, allowing unauthenticated users to call these actions directly or through CSRF attacks. Additionally, due to insufficient sanitization and escaping, this could also enable Stored Cross-Site Scripting attacks against connected administrators. **Recommendations** For versions prior to 3.2.55, update to version 3.2.55 or later to resolve the issue. As a temporary workaround, consider restricting access to AJAX actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zephyr Project Manager versions up to 3.2.4 **Description** A problematic issue was found in the REST Call Handler component, affecting an unknown function of the file /v1/tasks/create/. The manipulation of the `onanimationstart` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For Zephyr Project Manager versions up to 3.2.4, upgrade to version 3.2.5 to address this issue. As a temporary workaround, consider restricting access to the /v1/tasks/create/ API endpoint until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zephyr Project Manager WordPress plugin versions prior to 3.2.5 **Description** The issue concerns the Zephyr Project Manager WordPress plugin, which does not properly sanitise and escape various parameters before using them in SQL statements via various AJAX actions. This affects both unauthenticated and authenticated users, leading to SQL injections. **Recommendations** For versions prior to 3.2.5, update to version 3.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX actions until a patch is available. Avoid using the vulnerable parameters in the affected SQL statements until the issue is resolved.