CPE Details
SmartyPantsPLUGINS SP Project & Document Manager 4.27 for WordPress
4.27
2021-08-23
14h16 +00:00
14h16 +00:00
2021-08-23
14h53 +00:00
14h53 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:4.27:*:*:*:*:wordpress:*:*
Informations
Vendor
smartypantspluginsProduct
sp_project_\&_document_managerVersion
4.27Target Software
wordpressRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71. | 7.5 |
High |
||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | 8.8 |
High |
||
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. | 5.9 |
Medium |
||
| The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. | 8.8 |
High |
||
| Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | 6.1 |
Medium |
||
| The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. | 6.5 |
Medium |
2025©
tesweb SA
