Lucene search
K

61 matches found

NVD
NVD
added 2024/02/28 1:15 p.m.20 views

CVE-2024-24868

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

8.8CVSS8.9AI score0.00544EPSS
Exploits0References1
Prion
Prion
added 2024/02/28 1:15 p.m.24 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

5.5CVSS8.8AI score0.00544EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/28 1:6 p.m.19 views

CVE-2024-24868 WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...

8.5CVSS9AI score0.00544EPSS
Exploits0References1
CVE
CVE
added 2024/02/28 1:6 p.m.118 views

CVE-2024-24868

CVE-2024-24868 affects the WordPress plugin SP Project & Document Manager (versions up to 4.69). It is a SQL Injection due to improper neutralization of input in the plugin, enabling unauthorized data access/injection via authenticated conduit. The issue is mitigated by upgrading to version 4.70,...

8.8CVSS8.8AI score0.00544EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/02 12:0 a.m.10 views

WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.69 Fixed in 4.70 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-24868 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 55e058d86d8c Credits Yudistira Arya Required privilege...

8.8CVSS6.8AI score0.00544EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/03 10:59 p.m.11 views

CVE-2023-36677 WordPress SP Project & Document Manager plugin <= 4.67 - SQL Injection

A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.This issue affects SP Project & Document Manager : from n/a through = 4.67...

8.3CVSS8AI score0.0072EPSS
Exploits0References1
CVE
CVE
added 2023/11/03 10:59 p.m.67 views

CVE-2023-36677

CVE-2023-36677 concerns the WordPress SP Project & Document Manager plugin. The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, affecting versions n/a through 4.67. The issue is categorized as high severity with potential impact to confid...

8.8CVSS8.3AI score0.0072EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/10 12:15 p.m.23 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...

4.3CVSS4.8AI score0.00366EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/10 11:52 a.m.25 views

CVE-2023-36530 WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...

5.9CVSS5.5AI score0.00366EPSS
Exploits0References1
CVE
CVE
added 2023/08/10 11:52 a.m.53 views

CVE-2023-36530

CVE-2023-36530 is a Stored XSS affecting the WordPress plugin SP Project & Document Manager (versions

5.9CVSS5AI score0.00366EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/06/30 2:15 a.m.22 views

CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

8.8CVSS8.5AI score0.00729EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/30 1:56 a.m.27 views

CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

8.8CVSS8.6AI score0.00729EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/30 1:56 a.m.11 views

CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

8.8CVSS7.2AI score0.00729EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/06/30 12:0 a.m.12 views

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-3063 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 479dd26d18cf Credits István Márt...

8.8CVSS6.7AI score0.00729EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.6 views

PT-2023-22827 · WordPress · Sp Project & Document Manager

Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager plugin for WordPress versions up to, and including, 4.67 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attacker...

8.8CVSS9AI score0.00729EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/06/30 12:0 a.m.13 views

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36677 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 5776b5f22100 Credits Le Ngoc Anh Required privilege...

8.8CVSS6.8AI score0.0072EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/06/30 12:0 a.m.12 views

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS)

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bc56d5471ed7 Credits emad Requir...

5.9CVSS5.8AI score0.00366EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/29 12:0 a.m.18 views

SP Project & Document Manager < 4.68 - Subscriber+ Insecure Direct Object References

The plugin allows direct access to objects, allowing an authenticated user with subscriber privileges or above, to bypass authorization and change user passwords and potentially take over administrator accounts...

8.8CVSS8.7AI score0.00729EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/08/22 3:15 p.m.2 views

CVE-2022-34857

Reflected Cross-Site Scripting XSS vulnerability in smartypants SP Project & Document Manager plugin = 4.59 at WordPress...

6.1CVSS5.8AI score0.00492EPSS
Exploits0References2
CVE
CVE
added 2022/08/22 2:50 p.m.64 views

CVE-2022-34857

CVE-2022-34857 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin SP Project & Document Manager (smartypants) version

6.1CVSS6AI score0.00492EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder