SmartyPantsPLUGINS SP Project & Document Manager 4.62 for WordPress

CPE Details

SmartyPantsPLUGINS SP Project & Document Manager 4.62 for WordPress
smartypantsplugins
sp_project_\&_document_manager
4.62
2022-08-22
15h43 +00:00
2023-02-21
16h43 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:4.62:*:*:*:*:wordpress:*:*

Informations

Vendor

smartypantsplugins

Product

sp_project_\&_document_manager

Version

4.62

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-37224 2024-07-09 09h59 +00:00 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.
7.5
Haute
CVE-2023-36677 2023-11-03 22h59 +00:00 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
8.8
Haute
CVE-2023-36530 2023-08-10 11h52 +00:00 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
5.9
Moyen
CVE-2023-3063 2023-06-30 01h56 +00:00 The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
8.8
Haute