Skip to main content

Sp Project Document Manager

11 CVEs product

Monthly

CVE-2024-37224 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.71. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sp Project Document Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-3749 MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sp Project Document Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3748 MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sp Project Document Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24868 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.69. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sp Project Document Manager
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-36530 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sp Project Document Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3063 HIGH PATCH This Week

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Sp Project Document Manager
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-34857 MEDIUM PATCH This Month

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Sp Project Document Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-1551 MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Sp Project Document Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38315 MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Sp Project Document Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24347 HIGH POC THREAT Act Now

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Sp Project Document Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
52.0%
CVE-2014-9178 HIGH POC This Week

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Sp Project Document Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.1%
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.71. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sp Project Document Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sp Project Document Manager
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sp Project Document Manager
NVD WPScan
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.69. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sp Project Document Manager
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sp Project Document Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Sp Project Document Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Sp Project Document Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Sp Project Document Manager
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD
EPSS 52% CVSS 8.8
HIGH POC THREAT Act Now

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure +1
NVD WPScan
EPSS 2% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy