61 matches found
CVE-2022-34857 WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability in smartypants SP Project & Document Manager plugin = 4.59 at WordPress...
SP Project & Document Manager < 4.62 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1551
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...
CVE-2022-1551 SP Project & Document Manager < 4.58 - Sensitive File Disclosure
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files...
WordPress plugin SP Project & Document Manager 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in...
Design/Logic Flaw
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...
CVE-2021-4225
The CVE concerns the SP Project & Document Manager WordPress plugin (pre-4.24). The issue arises in the file-upload feature, where authentication is not restricted and users such as subscribers can upload files. The vendor’s extension-based checks are intended to block executable PHP or similar f...
Cross site scripting
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
WordPress SP Project & Document Manager plugin <= 4.25 - Attribute-based Reflected Cross-Site Scripting (XSS) vulnerability
Attribute-based Reflected Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress SP Project & Document Manager plugin versions = 4.25. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.26...
Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link: https://downloads.wordpress.org/plugin/sp-client-document-manager.4.21.zip Version:...
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...
CVE-2021-24347
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...
CVE-2021-24347 SP Project & Document Manager <2 4.22 - Authenticated Shell Upload
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be...
WordPress 代码注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A code injection vulnerability exists in SP Project & Document Manager for WordPress, which originates from...
SP Projects & Document Manager <= 2.5.9.5 - Multiple Vulnerabilities
The SP Project & Document Manager WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
WordPress SP Project & Document Manager Plugin 2.5.3 - Blind SQL Injection
SP Project & Document Manager plugin is prone to a blind SQL injection that is in the thumbnails function location: /wp-content/plugins/sp-client-document-manager/ajax.php. Solution Upgrade the plugin...
SP Client Document Manager <= 2.4.1 - Multiple SQL Injection
The SP Project & Document Manager WordPress plugin was affected by a Multiple SQL Injection security vulnerability...
CVE-2014-9178
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin sp-client-document-manager 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 vendoremail parameter in the emailvendor functi...
Sql injection
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin sp-client-document-manager 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 vendoremail parameter in the emailvendor functi...
CVE-2014-9178
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin sp-client-document-manager 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 vendoremail parameter in the emailvendor functi...