Lucene search
+L
SmartypantspluginsSp Project & Document Manager

13 matches found

CVE
CVE
added 2021/06/14 1:37 p.m.208 views

CVE-2021-24347

The CVE-2021-24347 entry concerns the WordPress SP Project & Document Manager plugin prior to version 4.22. The vulnerability arises because the plugin attempts to block executable uploads by checking file extensions, but PHP files can still be uploaded by altering the extension case (e.g., php t...

8.8CVSS8.6AI score0.52007EPSS
Web
CVE
CVE
added 2024/02/28 1:6 p.m.120 views

CVE-2024-24868

CVE-2024-24868 affects the WordPress plugin SP Project & Document Manager (versions up to 4.69). It is a SQL Injection due to improper neutralization of input in the plugin, enabling unauthorized data access/injection via authenticated conduit. The issue is mitigated by upgrading to version 4.70,...

8.8CVSS8.8AI score0.00544EPSS
CVE
CVE
added 2022/07/25 12:46 p.m.97 views

CVE-2022-1551

CVE-2022-1551 affects the SP Project & Document Manager WordPress plugin prior to version 4.58. The issue stems from an easily guessable path used to store user files, enabling a user to access other users’ sensitive files. Exploitation details in connected documents include a PoC demonstrating a...

6.5CVSS6.4AI score0.00807EPSS
Web
CVE
CVE
added 2024/05/15 6:0 a.m.76 views

CVE-2024-3748

CVE-2024-3748 affects the SP Project & Document Manager WordPress plugin (versions ≤ 4.71). The issue is an IDOR in the upload function where an attacker can manipulate the user_id to make a file appear uploaded by another user, enabling potential unauthorized access or attribution. Connected sou...

6.5CVSS6.6AI score0.00434EPSS
CVE
CVE
added 2022/04/25 3:50 p.m.67 views

CVE-2021-4225

The CVE concerns the SP Project & Document Manager WordPress plugin (pre-4.24). The issue arises in the file-upload feature, where authentication is not restricted and users such as subscribers can upload files. The vendor’s extension-based checks are intended to block executable PHP or similar f...

8.8CVSS8.8AI score0.0169EPSS
CVE
CVE
added 2023/11/03 10:59 p.m.67 views

CVE-2023-36677

CVE-2023-36677 concerns the WordPress SP Project & Document Manager plugin. The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, affecting versions n/a through 4.67. The issue is categorized as high severity with potential impact to confid...

8.8CVSS8.3AI score0.0072EPSS
CVE
CVE
added 2021/08/16 6:49 p.m.66 views

CVE-2021-38315

The CVE-2021-38315 entry concerns the SP Project & Document Manager WordPress plugin (versions

6.1CVSS6AI score0.00938EPSS
Web
CVE
CVE
added 2022/08/22 2:50 p.m.64 views

CVE-2022-34857

CVE-2022-34857 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin SP Project & Document Manager (smartypants) version

6.1CVSS6AI score0.00492EPSS
CVE
CVE
added 2024/05/15 6:0 a.m.64 views

CVE-2024-3749

The CVE-2024-3749 entry concerns the SP Project & Document Manager WordPress plugin (versions up to 4.71). Multiple sources describe an IDOR/undue access flaw: a logged-in subscriber can view or download files belonging to other users due to insufficient access controls. The vulnerability is char...

6.5CVSS6.5AI score0.00523EPSS
Web
CVE
CVE
added 2023/06/30 1:56 a.m.56 views

CVE-2023-3063

CVE-2023-3063 affects SP Project & Document Manager (WordPress) up to version 4.67. Root cause: Insecure Direct Object References (IDOR) allowing authenticated users with subscriber privileges (or higher) to access objects and bypass authorization, enabling password changes and potential administ...

8.8CVSS8.7AI score0.00729EPSS
CVE
CVE
added 2023/08/10 11:52 a.m.55 views

CVE-2023-36530

CVE-2023-36530 is a Stored XSS affecting the WordPress plugin SP Project & Document Manager (versions

5.9CVSS5AI score0.00366EPSS
CVE
CVE
added 2024/07/09 9:59 a.m.55 views

CVE-2024-37224

CVE-2024-37224 is a path traversal vulnerability in WordPress plugin SP Project & Document Manager (SP Client Document Manager) affecting versions up to 4.71. The issue arises from an improper limitation of a pathname to a restricted directory , enabling access to files outside allowed directorie...

7.5CVSS7AI score0.00574EPSS
CVE
CVE
added 2014/12/02 4:0 p.m.48 views

CVE-2014-9178

CVE-2014-9178 affects the WordPress plugin “SP Client Document Manager” (sp-client-document-manager) up to version 2.4.1. The vulnerability is a Multiple SQL Injection in classes/ajax.php, exploitable via (1) vendor_email[] in the email_vendor function or (2) id in the download_project, (3) downl...

7.5CVSS8.9AI score0.04594EPSS
Web