CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

2024-05-1506:00:04

WPScan

www.cve.org

sp project

document manager

wordpress

logged-in user

file access

idor

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "SP Project & Document Manager",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "4.71"
      }
    ],
    "defaultStatus": "affected"
  }
]