SP Project & Document Manager < 4.58 - Sensitive File Disclosure
Description
The SP Project & Document Manager plugin before 4.58 stores user files in an easily guessable path, allowing other users to access sensitive files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The SP Project & Document Manager WordPress plugin before version 4.58 uses an easily guessable path to store user files [1]. The plugin does not sufficiently randomize or protect the storage location, making it possible for any user to enumerate and access files belonging to other users.
Exploitation
An attacker only needs to be an authenticated user of the WordPress instance where the plugin is active. The attacker can guess or deduce the file storage path pattern and then enumerate or directly request files uploaded by other users [1]. No special privileges or additional conditions are required beyond standard authentication.
Impact
Successful exploitation leads to unauthorized disclosure of sensitive files uploaded by other users [1]. This includes documents, images, or any other files managed through the plugin, potentially exposing confidential or private information.
Mitigation
The vulnerability is fixed in version 4.58 of the SP Project & Document Manager plugin [1]. Users should update to version 4.58 or later immediately. There is no known workaround for versions prior to 4.58.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.58
Patches
No patches discovered yet.
References
[1] wpscan.com/vulnerability/51b4752a-7922-444d-a022-f1c7159b5d84 (tags: mitre, exploit, vdb-entry, technical-description)