Lucene search
+L

61 matches found

Cvelist
Cvelist
added 2022/08/22 2:50 p.m.24 views

CVE-2022-34857 WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability in smartypants SP Project & Document Manager plugin = 4.59 at WordPress...

6.1CVSS6.2AI score0.00492EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/08/10 12:0 a.m.18 views

SP Project & Document Manager < 4.62 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.9AI score0.00492EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/07/25 1:15 p.m.26 views

CVE-2022-1551

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...

6.5CVSS0.00807EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/07/25 12:46 p.m.29 views

CVE-2022-1551 SP Project & Document Manager < 4.58 - Sensitive File Disclosure

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...

6.6AI score0.00807EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.4 views

WordPress plugin SP Project & Document Manager 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in...

6.5CVSS6.5AI score0.00807EPSS
Exploits2References2
Prion
Prion
added 2022/04/25 4:16 p.m.10 views

Design/Logic Flaw

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...

6.5CVSS8.6AI score0.0169EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/04/25 3:50 p.m.68 views

CVE-2021-4225

The CVE concerns the SP Project & Document Manager WordPress plugin (pre-4.24). The issue arises in the file-upload feature, where authentication is not restricted and users such as subscribers can upload files. The vendor’s extension-based checks are intended to block executable PHP or similar f...

8.8CVSS8.8AI score0.0169EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/08/16 7:15 p.m.17 views

Cross site scripting

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...

4.3CVSS6AI score0.00938EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.16 views

WordPress SP Project & Document Manager plugin <= 4.25 - Attribute-based Reflected Cross-Site Scripting (XSS) vulnerability

Attribute-based Reflected Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress SP Project & Document Manager plugin versions = 4.25. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.26...

6.1CVSS2AI score0.00938EPSS
Exploits2References3Affected Software1
0day.today
0day.today
added 2021/07/08 12:0 a.m.160 views

Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit

Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link: https://downloads.wordpress.org/plugin/sp-client-document-manager.4.21.zip Version:...

8.8CVSS0.1AI score0.52007EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/07/08 12:0 a.m.566 views

Wordpress Plugin SP Project &amp; Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...

8.8CVSS8.7AI score0.52007EPSS
Exploits8
OSV
OSV
added 2021/06/14 2:15 p.m.3 views

CVE-2021-24347

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...

8.8CVSS7.3AI score0.52007EPSS
Exploits8References3
Cvelist
Cvelist
added 2021/06/14 1:37 p.m.62 views

CVE-2021-24347 SP Project & Document Manager <2 4.22 - Authenticated Shell Upload

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...

8.9AI score0.52007EPSS
Exploits8References3
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.8 views

WordPress 代码注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A code injection vulnerability exists in SP Project & Document Manager for WordPress, which originates from...

8.8CVSS8AI score0.52007EPSS
Exploits8References5
WPVulnDB
WPVulnDB
added 2016/03/07 12:0 a.m.12 views

SP Projects & Document Manager <= 2.5.9.5 - Multiple Vulnerabilities

The SP Project & Document Manager WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

1.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/03/31 12:0 a.m.17 views

WordPress SP Project & Document Manager Plugin 2.5.3 - Blind SQL Injection

SP Project & Document Manager plugin is prone to a blind SQL injection that is in the thumbnails function location: /wp-content/plugins/sp-client-document-manager/ajax.php. Solution Upgrade the plugin...

1.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/02 9:41 p.m.13 views

SP Client Document Manager <= 2.4.1 - Multiple SQL Injection

The SP Project & Document Manager WordPress plugin was affected by a Multiple SQL Injection security vulnerability...

7.5CVSS2.1AI score0.04594EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2014/12/02 4:59 p.m.16 views

CVE-2014-9178

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin sp-client-document-manager 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 vendoremail parameter in the emailvendor functi...

7.5CVSS8.6AI score0.04594EPSS
Exploits1References5
Prion
Prion
added 2014/12/02 4:59 p.m.18 views

Sql injection

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin sp-client-document-manager 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 vendoremail parameter in the emailvendor functi...

7.5CVSS9.3AI score0.04594EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2014/12/02 4:0 p.m.20 views

CVE-2014-9178

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin sp-client-document-manager 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 vendoremail parameter in the emailvendor functi...

8.6AI score0.04594EPSS
Exploits1References5
Rows per page
Query Builder