Lucene search
K

201 matches found

CNNVD
CNNVD
added 2022/07/25 12:0 a.m.3 views

WordPress plugin SP Project & Document Manager 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in...

6.5CVSS6.5AI score0.00807EPSS
Exploits2References2
OSV
OSV
added 2022/04/25 4:16 p.m.4 views

CVE-2021-4225

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...

8.8CVSS7.3AI score0.01711EPSS
Exploits1References2
Prion
Prion
added 2022/04/25 4:16 p.m.9 views

Design/Logic Flaw

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...

6.5CVSS8.6AI score0.01711EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/04/25 3:50 p.m.66 views

CVE-2021-4225

The CVE concerns the SP Project & Document Manager WordPress plugin (pre-4.24). The issue arises in the file-upload feature, where authentication is not restricted and users such as subscribers can upload files. The vendor’s extension-based checks are intended to block executable PHP or similar f...

8.8CVSS8.8AI score0.01711EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.4 views

WordPress plugin SP Project & Document Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress SP Project...

8.8CVSS5.5AI score0.01711EPSS
Exploits1References4
NVD
NVD
added 2021/08/16 7:15 p.m.29 views

CVE-2021-38315

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...

6.1CVSS0.00938EPSS
Exploits2References2
OSV
OSV
added 2021/08/16 7:15 p.m.5 views

CVE-2021-38315

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...

6.1CVSS5.8AI score0.00938EPSS
Exploits2References2
Prion
Prion
added 2021/08/16 7:15 p.m.17 views

Cross site scripting

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...

4.3CVSS6AI score0.00938EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/08/16 6:49 p.m.7 views

CVE-2021-38315 SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...

6.1CVSS6AI score0.00938EPSS
Exploits2References2
CVE
CVE
added 2021/08/16 6:49 p.m.63 views

CVE-2021-38315

The CVE-2021-38315 entry concerns the SP Project & Document Manager WordPress plugin (versions

6.1CVSS6AI score0.00938EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.136 views

SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting

The plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/admin.php?page=sp-client-document-manager&from=" style=animation-name:rotation...

6.1CVSS2.7AI score0.00938EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.16 views

WordPress SP Project & Document Manager plugin <= 4.25 - Attribute-based Reflected Cross-Site Scripting (XSS) vulnerability

Attribute-based Reflected Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress SP Project & Document Manager plugin versions = 4.25. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.26...

6.1CVSS2AI score0.00938EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2021/07/26 8:15 p.m.15 views

CVE-2020-23238

Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...

5.4CVSS0.00503EPSS
Exploits1References1
OSV
OSV
added 2021/07/26 8:15 p.m.9 views

CVE-2020-23238

Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...

5.4CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2021/07/26 8:15 p.m.15 views

Cross site scripting

Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...

3.5CVSS5.3AI score0.00503EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/07/26 7:41 p.m.19 views

CVE-2020-23238

Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...

5.3AI score0.00503EPSS
Exploits1References1
CVE
CVE
added 2021/07/26 7:41 p.m.60 views

CVE-2020-23238

CVE-2020-23238 affects Evolution CMS 2.0.2, with a Cross Site Scripting (XSS) vulnerability exposed via the Document Manager feature . The connected records corroborate the vulnerability across multiple sources, consistently describing an XSS issue in that version; no details on exploitation, aff...

5.4CVSS5.2AI score0.00503EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.5 views

Evolution CMS 跨站脚本漏洞

Evolution CMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in Evolution CMS version 2.0.2, which can be exploited by an attacker to cause a cross-site scripting vulnerability via the Document Manager feature...

5.4CVSS5.5AI score0.00503EPSS
Exploits1References2
0day.today
0day.today
added 2021/07/08 12:0 a.m.157 views

Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit

Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link: https://downloads.wordpress.org/plugin/sp-client-document-manager.4.21.zip Version:...

8.8CVSS0.1AI score0.52007EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/07/08 12:0 a.m.565 views

Wordpress Plugin SP Project &amp; Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...

8.8CVSS8.7AI score0.52007EPSS
Exploits8
Rows per page
Query Builder