SmartyPantsPLUGINS SP Project & Document Manager 2.4.9 for WordPress

CPE Details

SmartyPantsPLUGINS SP Project & Document Manager 2.4.9 for WordPress
smartypantsplugins
sp_project_\&_document_manager
2.4.9
2021-08-23
14h16 +00:00
2021-08-23
14h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:2.4.9:*:*:*:*:wordpress:*:*

Informations

Vendor

smartypantsplugins

Product

sp_project_\&_document_manager

Version

2.4.9

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-37224 2024-07-09 09h59 +00:00 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.
7.5
High
CVE-2023-36677 2023-11-03 22h59 +00:00 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
8.8
High
CVE-2023-36530 2023-08-10 11h52 +00:00 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
5.9
Medium
CVE-2023-3063 2023-06-30 01h56 +00:00 The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
8.8
High
CVE-2022-34857 2022-08-22 14h50 +00:00 Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
6.1
Medium
CVE-2022-1551 2022-07-25 10h46 +00:00 The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
6.5
Medium
CVE-2021-4225 2022-04-25 13h50 +00:00 The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
8.8
High
CVE-2021-38315 2021-08-16 18h49 +00:00 The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
6.1
Medium
CVE-2021-24347 2021-06-14 11h37 +00:00 The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
8.8
High