CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVE-2023-36677

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67...

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS)

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bc56d5471ed7 Credits emad Requir...

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36677 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 5776b5f22100 Credits Le Ngoc Anh Required privilege...