CVE-2022-2840

Name of the Vulnerable Software and Affected Versions Zephyr Project Manager WordPress plugin versions prior to 3.2.5

Description The issue concerns the Zephyr Project Manager WordPress plugin, which does not properly sanitise and escape various parameters before using them in SQL statements via various AJAX actions. This affects both unauthenticated and authenticated users, leading to SQL injections.

Recommendations For versions prior to 3.2.5, update to version 3.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX actions until a patch is available. Avoid using the vulnerable parameters in the affected SQL statements until the issue is resolved.