Browse all 3 CVE security advisories affecting Progress Planner. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Progress Planner is a project management tool designed for task tracking and team collaboration. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The application's three recorded CVEs highlight recurring issues in its web interface and API endpoints, where improper sanitization of user inputs has allowed attackers to execute arbitrary code or bypass authentication. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling untrusted data and enforcing proper session management.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-48082 | WordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerability | Progress Planner | CWE-266 | 8.8 | High | 2025-10-22 |
| CVE-2024-37411 | WordPress Progress Planner plugin <= 0.9.1 - Broken Access Control vulnerability | Progress Planner | CWE-862 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-37422 | WordPress Progress Planner plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability | Progress Planner | CWE-79 | 6.5 | Medium | 2024-07-22 |

This page lists every published CVE security advisory associated with Progress Planner. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.