Soplanning Security Vulnerabilities (CVEs)

Track 14 security vulnerabilities affecting Soplanning products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

3 Critical
2 High
9 Medium
CVE-2025-62730 8.8

SOPlanning users with the user_manage_team role can assign administrative permissions to any user, including themselves, allowing privilege escalation...

Nov 20, 2025
CVE-2025-62731 4.8

SOPlanning's public holidays feature contains a stored cross-site scripting vulnerability that allows attackers with access to the feature to inject m...

Nov 20, 2025
CVE-2025-62293 5.4

SOPlanning versions before 1.55 have a broken access control vulnerability in the /status endpoint that allows authenticated attackers to manipulate p...

Nov 20, 2025
CVE-2025-62294 7.5

SOPlanning's password recovery token generation uses predictable values, allowing attackers to brute-force tokens and hijack any user account. This af...

Nov 20, 2025
CVE-2025-62295 5.4

SOPlanning versions before 1.55 contain a stored cross-site scripting (XSS) vulnerability in the /groupe_form endpoint. Attackers with medium privileg...

Nov 20, 2025
CVE-2025-62296 5.4

SOPlanning versions before 1.55 contain a stored cross-site scripting (XSS) vulnerability in the /taches endpoint. Attackers with medium privileges ca...

Nov 20, 2025
CVE-2025-62297 5.4

SOPlanning web application is vulnerable to stored cross-site scripting (XSS) in the /projets endpoint. An attacker with medium privileges can inject ...

Nov 20, 2025
CVE-2025-62729 5.4

SOPlanning web application is vulnerable to stored cross-site scripting (XSS) in the /status endpoint. An authenticated attacker can inject malicious ...

Nov 20, 2025
CVE-2024-57170 6.5

SOPlanning 1.53.00 has a directory traversal vulnerability in the upload.php file that allows authenticated attackers to delete arbitrary files by man...

Mar 18, 2025
CVE-2024-9573 6.3

This SQL injection vulnerability in SOPlanning versions before 1.45 allows remote attackers to execute arbitrary SQL queries through the 'by' paramete...

Oct 7, 2024
CVE-2024-9574 9.8

This SQL injection vulnerability in SOPlanning versions before 1.45 allows remote attackers to execute arbitrary SQL queries through the 'by' paramete...

Oct 7, 2024
CVE-2024-9571 6.3

A Cross-Site Scripting (XSS) vulnerability in SOPlanning versions before 1.45 allows remote attackers to inject malicious scripts via the /soplanning/...

Oct 7, 2024
CVE-2024-27114 9.8

CVE-2024-27114 is an unauthenticated remote code execution vulnerability in SO Planning online planning tool. Attackers can upload PHP files that exec...

Sep 11, 2024
CVE-2024-27112 9.8

An unauthenticated SQL injection vulnerability exists in SO Planning tool when public view is enabled, allowing attackers to execute arbitrary SQL com...

Sep 11, 2024

Why Monitor Soplanning Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 14+ known vulnerabilities affecting Soplanning products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Soplanning packages in under 60 seconds. No agents required - completely agentless scanning that works across Soplanning deployments.

Free vulnerability database: Access detailed information about every Soplanning CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Soplanning CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions