cvebase

Smartypants Sp Project Document Manager vulnerabilities

12 known vulnerabilities affecting smartypants/sp_project_document_manager.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 7

Vulnerabilities

CVE-2023-3063 | P3 | HIGH | CVSS 8.8 | CWE-639 | ≤ 4.67 | 2023-06-30
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privil
nvd
CVE-2023-36677 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ n/a, ≤ 4.67 | 2023-11-03
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67.
nvd
CVE-2024-24868 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ n/a, ≤ 4.69 | 2024-02-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69.
nvd
CVE-2026-10737 | P3 | HIGH | CVSS 7.5 | CWE-862 | ≤ 4.71 | 2026-06-04
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links for arbitrary files stored inside project folders on the
nvd
CVE-2024-32551 | P3 | HIGH | CVSS 7.6 | CWE-89 | ≥ n/a, ≤ 4.71 | 2024-04-18
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71.
nvd
CVE-2024-37224 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ n/a, ≤ 4.71 | 2024-07-09
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.71.
nvd
CVE-2024-33923 | P3 | MEDIUM | CVSS 6.3 | CWE-862 | ≥ n/a, ≤ 4.69 | 2024-05-03
Missing Authorization vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69.
nvd
CVE-2024-31118 | P4 | MEDIUM | CVSS 6.5 | CWE-862 | ≥ n/a, ≤ 4.70 | 2026-02-17
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Project & Document Manager: from n/a through 4.70.
nvd
CVE-2024-1693 | P4 | MEDIUM | CVSS 4.3 | CWE-639 | ≤ 4.70 | 2024-05-14
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder name that do
nvd
CVE-2021-38315 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.25, ≤ 4.25 | 2021-08-16
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
nvd
CVE-2022-34857 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 4.59 | 2022-08-22
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
nvd
CVE-2023-36530 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ n/a, ≤ 4.67 | 2023-08-10
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
nvd