CVE-2024-3749
📋 TL;DR
The SP Project & Document Manager WordPress plugin through version 4.71 has an access control vulnerability that allows any authenticated user to view and download files belonging to other users. This affects all WordPress sites using vulnerable versions of this plugin. The vulnerability stems from improper authorization checks on file access endpoints.
💻 Affected Systems
- SP Project & Document Manager WordPress Plugin
📦 What is this software?
SP Project & Document Manager by Smartypantsplugins
⚠️ Risk & Real-World Impact
Worst Case
An attacker with any WordPress user account could access sensitive documents, intellectual property, or confidential files belonging to other users, potentially leading to data breaches, privacy violations, or corporate espionage.
Likely Case
Malicious users or compromised accounts accessing files they shouldn't have permission to view, leading to unauthorized information disclosure and potential compliance violations.
If Mitigated
With proper access controls, only authorized users can access their own files, maintaining document confidentiality and access segregation.
🎯 Exploit Status
Exploitation requires any valid WordPress user account. The vulnerability is simple to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.72 or later
Vendor Advisory: https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find SP Project & Document Manager.
4. Click 'Update Now' if an update is available.
5. If no update is available, check the plugin repository for version 4.72 or later.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate sp-project-and-document-manager
Restrict User Registration
Disable new user registration to limit potential attackers
Settings → General → Membership → Uncheck 'Anyone can register'
🧯 If You Can't Patch
- Implement strict user access controls and monitor file access logs
- Migrate sensitive documents to a secure document management system with proper access controls
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → SP Project & Document Manager version. If version is 4.71 or earlier, you are vulnerable.
Check Version:
wp plugin get sp-project-and-document-manager --field=version
Verify Fix Applied:
After updating, verify plugin version shows 4.72 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from user accounts
- Multiple failed file access attempts followed by successful access
Network Indicators:
- HTTP requests to plugin file endpoints with different user IDs
SIEM Query:
source=wordpress_logs (plugin="sp-project-and-document-manager") AND (action="file_access") | stats count by user_id, file_id
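The indicators above (one account pulling files under other users' IDs, and failed attempts followed by a success) can be checked offline against web server logs. The following is an added example, not part of the advisory or the plugin: the log format, the login-to-user-ID mapping, and the `uid`/`file` query parameter names are constructed assumptions, while the plugin path prefix uses the slug given on this page.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real traffic). Assumed format:
# <authenticated_wp_login> <method> <path?query> <status>
# The plugin path uses the slug from the advisory; the query parameter
# names (uid, file) are assumptions, not the plugin's real API.
SAMPLE_LOG = """\
alice GET /wp-content/plugins/sp-project-and-document-manager/download.php?uid=7&file=12 200
alice GET /wp-content/plugins/sp-project-and-document-manager/download.php?uid=7&file=13 200
bob GET /wp-content/plugins/sp-project-and-document-manager/download.php?uid=7&file=12 200
bob GET /wp-content/plugins/sp-project-and-document-manager/download.php?uid=9&file=40 200
bob GET /wp-content/plugins/sp-project-and-document-manager/download.php?uid=11&file=52 403
bob GET /wp-content/plugins/sp-project-and-document-manager/download.php?uid=11&file=53 200
carol GET /wp-login.php 200
"""

# Assumed login -> WordPress user ID mapping (in practice taken from wp_users).
USER_IDS = {"alice": 7, "bob": 9, "carol": 11}

PLUGIN_PREFIX = "/wp-content/plugins/sp-project-and-document-manager/"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

def parse_line(line):
    """Return (login, path, query_params, status) or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    login, _method, target, status = m.groups()
    path, _, query = target.partition("?")
    params = dict(kv.split("=", 1) for kv in query.split("&") if "=" in kv)
    return login, path, params, int(status)

def cross_user_access(log_text, user_ids=USER_IDS):
    """Map each login to the set of other users' IDs whose files it fetched with HTTP 200."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        login, path, params, status = parsed
        # Only successful requests to the plugin's own endpoints are of interest.
        if not path.startswith(PLUGIN_PREFIX) or status != 200:
            continue
        owner = params.get("uid")
        if owner is None or not owner.isdigit():
            continue
        # A 200 for a uid that is not the requester's own ID is the cross-user signal.
        if int(owner) != user_ids.get(login):
            hits[login].add(int(owner))
    return dict(hits)
```

On the constructed sample, only `bob` is flagged, for files owned by user IDs 7 and 11; the 403 on uid=11 followed by a 200 is the failed-then-successful pattern listed above.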