VYPR
← All vendors
Vendor

Smartypantsplugins

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2023-3063Hig0.578.80.00Jun 30, 2023The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
CVE-2024-24868Hig0.558.50.00Feb 28, 2024Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.
CVE-2023-36677Hig0.548.30.00Nov 3, 2023Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
CVE-2014-91780.030.02Dec 2, 2014Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
CVE-2013-35290.030.05May 10, 2013Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.