61 matches found
CVE-2024-24868
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...
CVE-2024-24868 WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69...
CVE-2024-24868
CVE-2024-24868 affects the WordPress plugin SP Project & Document Manager (versions up to 4.69). It is a SQL Injection due to improper neutralization of input in the plugin, enabling unauthorized data access/injection via authenticated conduit. The issue is mitigated by upgrading to version 4.70,...
WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.69 Fixed in 4.70 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-24868 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 55e058d86d8c Credits Yudistira Arya Required privilege...
CVE-2023-36677 WordPress SP Project & Document Manager plugin <= 4.67 - SQL Injection
A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.This issue affects SP Project & Document Manager : from n/a through = 4.67...
CVE-2023-36677
CVE-2023-36677 concerns the WordPress SP Project & Document Manager plugin. The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, affecting versions n/a through 4.67. The issue is categorized as high severity with potential impact to confid...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...
CVE-2023-36530 WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...
CVE-2023-36530
CVE-2023-36530 is a Stored XSS affecting the WordPress plugin SP Project & Document Manager (versions
CVE-2023-3063
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-3063 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 479dd26d18cf Credits István Márt...
PT-2023-22827 · WordPress · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager plugin for WordPress versions up to, and including, 4.67 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attacker...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36677 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 5776b5f22100 Credits Le Ngoc Anh Required privilege...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS)
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bc56d5471ed7 Credits emad Requir...
SP Project & Document Manager < 4.68 - Subscriber+ Insecure Direct Object References
The plugin allows direct access to objects, allowing an authenticated user with subscriber privileges or above, to bypass authorization and change user passwords and potentially take over administrator accounts...
CVE-2022-34857
Reflected Cross-Site Scripting XSS vulnerability in smartypants SP Project & Document Manager plugin = 4.59 at WordPress...
CVE-2022-34857
CVE-2022-34857 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin SP Project & Document Manager (smartypants) version