Lucene search
+L

201 matches found

nvd
nvd
added 2024/05/14 2:48 p.m.17 views

CVE-2024-1693

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3CVSS4.8AI score0.0042EPSS
Exploits0References2
cve
cve
added 2024/05/09 8:3 p.m.30 views

CVE-2024-1693

The CVE-2024-1693 vulnerability affects the SP Project & Document Manager WordPress plugin. It arises from a missing capability check on the cdm_save_category AJAX action, enabling authenticated users with subscriber-level access and higher to rename arbitrary folders they do not own. Affected ve...

4.3CVSS6.4AI score0.0042EPSS
Exploits0References2
nvd
nvd
added 2024/05/03 9:15 a.m.18 views

CVE-2024-33923

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69...

6.3CVSS6.7AI score0.00353EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/05/03 8:24 a.m.19 views

CVE-2024-33923 WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69...

6.3CVSS6.9AI score0.00353EPSS
Exploits0References1
cve
cve
added 2024/05/03 8:24 a.m.74 views

CVE-2024-33923

CVE-2024-33923 affects the SP Project & Document Manager (WordPress plugin) and is due to Missing Authorization in the plugin. The vulnerability affects SP Project & Document Manager versions from n/a up to 4.69. Reported CVSS 3.1 base metrics indicate Network access (AV:N), low attack complexity...

6.3CVSS5.2AI score0.00353EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/05/03 12:0 a.m.7 views

PT-2024-25556 · Smartypants · Sp Project & Document Manager

Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager versions n/a through 4.69 Description: The issue is related to a Missing Authorization vulnerability in the Smartypants SP Project & Document Manager. Recommendations: For versions n/a through 4.69, update to a...

6.3CVSS6.5AI score0.00353EPSS
Exploits0References4
patchstack
patchstack
added 2024/04/29 12:0 a.m.10 views

WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to Broken Access Control

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.69 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33923 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 4ab90a9cecb9 Credits Abdi Pranata...

6.3CVSS6.5AI score0.00353EPSS
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.156 views

SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR

Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist&uid=3CHANGE HERE&pid=0CHANGE HERE&search=&=1708406394720 You can view...

6.6AI score0.00523EPSS
Exploits2
wpvulndb
wpvulndb
added 2024/04/24 12:0 a.m.18 views

SP Project & Document Manager <= 4.71 - Data Update via IDOR

Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user PoC 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...

6.4AI score0.00434EPSS
Exploits2
nvd
nvd
added 2024/04/18 11:15 a.m.26 views

CVE-2024-32551

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71...

7.6CVSS7.9AI score0.00486EPSS
Exploits0References1
cve
cve
added 2024/04/18 10:27 a.m.72 views

CVE-2024-32551

CVE-2024-32551 is a SQL Injection vulnerability in SP Project & Document Manager for WordPress (affecting versions from n/a through 4.71). The issue stems from improper neutralization of SQL elements in the plugin’s SP Project & Document Manager component, enabling an attacker with HIGH privilege...

7.6CVSS5.5AI score0.00486EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/18 10:27 a.m.30 views

CVE-2024-32551 WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71...

7.6CVSS8.1AI score0.00486EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/18 10:27 a.m.25 views

CVE-2024-32551 WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71...

7.6CVSS5.5AI score0.00486EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/04/18 12:0 a.m.6 views

WordPress Plugin SP Project & Document Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin SP Project &...

7.6CVSS7.6AI score0.00486EPSS
Exploits0References2
patchstack
patchstack
added 2024/04/16 6:13 a.m.6 views

WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability

Auth. SQL Injection vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin SP Project & Document Manager versions = 4.71...

7.6CVSS8.1AI score0.00486EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/04/16 12:0 a.m.10 views

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.71 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32551 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 4e8128ffc035 Credits CatFather Required privilege Author...

7.6CVSS6.8AI score0.00486EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/02/28 1:15 p.m.4 views

CVE-2024-24868

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

8.8CVSS7.3AI score0.00544EPSS
Exploits0References1
nvd
nvd
added 2024/02/28 1:15 p.m.21 views

CVE-2024-24868

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

8.8CVSS8.9AI score0.00544EPSS
Exploits0References1
prion
prion
added 2024/02/28 1:15 p.m.25 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

5.5CVSS8.8AI score0.00544EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/02/28 1:6 p.m.33 views

CVE-2024-24868 WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

8.5CVSS7.6AI score0.00544EPSS
Exploits0References1
Rows per page
Query Builder