Vulnerabilities > Smartypantsplugins

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-37224 Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.
network
low complexity
smartypantsplugins
6.5
2023-11-03 CVE-2023-36677 Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
network
low complexity
smartypantsplugins
8.8
2023-08-10 CVE-2023-36530 Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager
Auth.
network
low complexity
smartypantsplugins
4.8
2022-08-22 CVE-2022-34857 Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
network
low complexity
smartypantsplugins CWE-79
6.1
2022-07-25 CVE-2022-1551 Forced Browsing vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
network
low complexity
smartypantsplugins CWE-425
6.5
2022-04-25 CVE-2021-4225 Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files.
network
low complexity
smartypantsplugins
8.8
2021-09-09 CVE-2021-38324 SQL Injection vulnerability in Smartypantsplugins SP Rental Manager 1.5.3
The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.
network
low complexity
smartypantsplugins CWE-89
7.5
2021-08-16 CVE-2021-38315 Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
network
low complexity
smartypantsplugins CWE-79
6.1
2021-06-14 CVE-2021-24347 Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension.
network
low complexity
smartypantsplugins
8.8