Smartypantsplugins: >> Sp Project & Document Manager >> 4.25 Security Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-07-09
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
CVSS Score
6.5
EPSS Score
0.006
Published
2024-05-15
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.
CVSS Score
8.5
EPSS Score
0.003
Published
2024-02-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-03
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-10
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-30
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-22
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-07-25
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-16
Page 1