Smartypantsplugins

Sp Project & Document Manager

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-37224

  • EPSS 1.94%
  • Veröffentlicht 09.07.2024 10:15:03
  • Zuletzt bearbeitet 21.11.2024 09:23:26

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.

6.5

CVE-2024-3749

Exploit
  • EPSS 0.72%
  • Veröffentlicht 15.05.2024 06:15:14
  • Zuletzt bearbeitet 15.05.2025 13:47:41

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user

6.5

CVE-2024-3748

Exploit
  • EPSS 0.31%
  • Veröffentlicht 15.05.2024 06:15:13
  • Zuletzt bearbeitet 15.05.2025 13:50:23

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user

8.8

CVE-2024-24868

  • EPSS 0.28%
  • Veröffentlicht 28.02.2024 13:15:08
  • Zuletzt bearbeitet 04.03.2025 12:24:19

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.

8.8

CVE-2023-36677

  • EPSS 0.21%
  • Veröffentlicht 03.11.2023 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:10:20

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.

4.8

CVE-2023-36530

  • EPSS 0.06%
  • Veröffentlicht 10.08.2023 12:15:11
  • Zuletzt bearbeitet 21.11.2024 08:09:52

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.

8.8

CVE-2023-3063

  • EPSS 0.06%
  • Veröffentlicht 30.06.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:21

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorizati...

6.1

CVE-2022-34857

  • EPSS 0.21%
  • Veröffentlicht 22.08.2022 15:15:16
  • Zuletzt bearbeitet 21.11.2024 07:10:19

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress

6.5

CVE-2022-1551

Exploit
  • EPSS 0.44%
  • Veröffentlicht 25.07.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:57

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.

8.8

CVE-2021-4225

Exploit
  • EPSS 1.19%
  • Veröffentlicht 25.04.2022 16:16:07
  • Zuletzt bearbeitet 21.11.2024 06:37:11

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded b...