VYPR

Sp Client Document Manager

by WordPress

CVEs (7)

  • CVE-2021-4225HigApr 25, 2022
    risk 0.57cvss 8.8epss 0.02

    The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file…

  • CVE-2026-10737HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and…

  • CVE-2024-32551HigApr 18, 2024
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.

  • CVE-2024-3748MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.00

    The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user

  • CVE-2022-1551MedJul 25, 2022
    risk 0.42cvss 6.5epss 0.01

    The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.

  • CVE-2024-33923MedMay 3, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.

  • CVE-2024-1693MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with…