CVE-2026-3977 | projectsend up to r1945 AJAX Endpoints authorization (Issue 1525)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability was found in projectsend up to r1945. It has been classified as critical. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization.

This vulnerability is documented as CVE-2026-3977. The attack can be initiated remotely. There is not any exploit available.

To fix this issue, it is recommended to deploy a patch.

CVE-2026-3977 | projectsend up to r1945 AJAX Endpoints authorization (Issue 1525)

Post correlati

CVE-2025-8910 | WellChoose Organization Portal System up to IFTOP_P3_2_1_196 cross site scripting

CVE-2025-13160 | IQ Service International IQ-Support 1.0 exposure of sensitive system information to an unauthorized control sphere

CVE-2024-49279 | TipTopPress Hyperlink Group Block Plugin up to 1.17.5 on WordPress cross site scripting

CVE-2024-0377 | LifterLMS Plugin up to 7.5.1 on WordPress process_review authorization