CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Smartypantsplugins: >> Sp Project & Document Manager >> 4.22 Security Vulnerabilities

CVE-2021-38315

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.

CVSS Score

6.1

EPSS Score

0.002

Published

2021-08-16

Page 2

Vulnerabilities

Vulnerable Software

Smartypantsplugins: >> Sp Project & Document Manager >> 4.22 Security Vulnerabilities

Products

Pricing

Contact Us