Sp Project \& Document Manager
by WordPress
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36677 | Hig | 0.54 | 8.3 | 0.00 | Nov 3, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | ||
| CVE-2026-10737 | Hig | 0.49 | 7.5 | — | Jun 4, 2026 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and… | ||
| CVE-2024-33923 | Med | 0.41 | 6.3 | 0.00 | May 3, 2024 | Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69. | ||
| CVE-2021-24347 | 0.09 | — | 0.81 | Jun 14, 2021 | The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php… | |||
| CVE-2014-9178 | 0.03 | — | 0.02 | Dec 2, 2014 | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter… | |||
| CVE-2024-3749 | 0.00 | — | 0.01 | May 15, 2024 | The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user | |||
| CVE-2023-36530 | 0.00 | — | 0.00 | Aug 10, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. | |||
| CVE-2022-34857 | 0.00 | — | 0.00 | Aug 22, 2022 | Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | |||
| CVE-2022-1551 | 0.00 | — | 0.00 | Jul 25, 2022 | The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. | |||
| CVE-2021-4225 | 0.00 | — | 0.02 | Apr 25, 2022 | The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file… |
- risk 0.54cvss 8.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
- risk 0.49cvss 7.5epss —
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.
- CVE-2021-24347Jun 14, 2021risk 0.09cvss —epss 0.81
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php…
- CVE-2014-9178Dec 2, 2014risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter…
- CVE-2024-3749May 15, 2024risk 0.00cvss —epss 0.01
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
- CVE-2023-36530Aug 10, 2023risk 0.00cvss —epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
- CVE-2022-34857Aug 22, 2022risk 0.00cvss —epss 0.00
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
- CVE-2022-1551Jul 25, 2022risk 0.00cvss —epss 0.00
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
- CVE-2021-4225Apr 25, 2022risk 0.00cvss —epss 0.02
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file…