Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

SmartyPants Security Vulnerabilities

cve
cve

CVE-2024-1693

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS

6.4AI Score

0.0004EPSS

2024-05-14 02:48 PM
2
cve
cve

CVE-2024-33923

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-03 09:15 AM
30
cve
cve

CVE-2024-32551

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through...

7.6CVSS

7.5AI Score

0.0004EPSS

2024-04-18 11:15 AM
31
cve
cve

CVE-2024-24868

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through...

8.5CVSS

9.3AI Score

0.0004EPSS

2024-02-28 01:15 PM
72
cve
cve

CVE-2023-36677

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through...

8.8CVSS

8.9AI Score

0.001EPSS

2023-11-03 11:15 PM
27
cve
cve

CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

8.8CVSS

8.7AI Score

0.0005EPSS

2023-06-30 02:15 AM
16
cve
cve

CVE-2023-36530

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67...

5.9CVSS

4.8AI Score

0.0004EPSS

2023-08-10 12:15 PM
15
cve
cve

CVE-2022-34857

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at...

6.1CVSS

6AI Score

0.001EPSS

2022-08-22 03:15 PM
32
4
cve
cve

CVE-2021-38315

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1CVSS

6AI Score

0.001EPSS

2021-08-16 07:15 PM
28
2