Sp Client Document Manager
by WordPress
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-4225 | Hig | 0.57 | 8.8 | 0.02 | Apr 25, 2022 | The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file… | ||
| CVE-2026-10737 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2026 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and… | ||
| CVE-2024-32551 | Hig | 0.49 | 7.6 | 0.00 | Apr 18, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71. | ||
| CVE-2024-3748 | Med | 0.42 | 6.5 | 0.00 | May 15, 2024 | The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user | ||
| CVE-2022-1551 | Med | 0.42 | 6.5 | 0.01 | Jul 25, 2022 | The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. | ||
| CVE-2024-33923 | Med | 0.41 | 6.3 | 0.00 | May 3, 2024 | Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69. | ||
| CVE-2024-1693 | Med | 0.28 | 4.3 | 0.00 | May 14, 2024 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with… |
- risk 0.57cvss 8.8epss 0.02
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file…
- risk 0.49cvss 7.5epss 0.00
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.
- risk 0.42cvss 6.5epss 0.00
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
- risk 0.42cvss 6.5epss 0.01
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.
- risk 0.28cvss 4.3epss 0.00
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with…