📦 Sp Project \& Document Manager

by Smartypantsplugins

🔍 What is Sp Project \& Document Manager?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2024-24868

HIGH CVSS 8.5 Feb 28, 2024

This SQL injection vulnerability in the WordPress SP Project & Document Manager plugin allows attackers to execute arbitrary SQL commands through the plugin's interface. It affects all versions up to ...

CVE-2023-36677

HIGH CVSS 8.8 Nov 3, 2023

This SQL injection vulnerability in the Smartypants SP Project & Document Manager WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all WordPress sites ru...

CVE-2021-4225

HIGH CVSS 8.8 Apr 25, 2022

The SP Project & Document Manager WordPress plugin before version 4.24 contains an insufficient file extension validation vulnerability on Windows servers. Any authenticated WordPress user (including ...

CVE-2021-24347

HIGH CVSS 8.8 Jun 14, 2021

This vulnerability allows authenticated users to upload malicious PHP files by changing the file extension case (e.g., 'php' to 'pHP'), bypassing the plugin's file type validation. It affects WordPres...

CVE-2024-3749

MEDIUM CVSS 6.5 May 15, 2024

The SP Project & Document Manager WordPress plugin through version 4.71 has an access control vulnerability that allows any authenticated user to view and download files belonging to other users. This...