Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
WordPress Plugin 'WP Project Manager' Allows Unauthenticated File Upload
MINI-v3v3-gfrp-hw94
Summary
A plugin for managing projects in WordPress allows attackers to upload arbitrary files without needing a password. This means an attacker could potentially upload malicious code to your website. To protect your site, update the plugin to the latest version or remove it and replace it with a different project management tool.
What to do
- Update openclaw to version 2026.4.2-r0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| MinimOS | – | openclaw |
< 2026.4.2-r0 Fix: upgrade to 2026.4.2-r0
|
Original title
MINI-v3v3-gfrp-hw94
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026