Vulnerabilities > Smartypantsplugins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-37224 | Path Traversal vulnerability in Smartypantsplugins SP Project & Document Manager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71. | 6.5 |
| 2023-11-03 | CVE-2023-36677 | SQL Injection vulnerability in Smartypantsplugins SP Project & Document Manager Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | 8.8 |
| 2023-08-10 | CVE-2023-36530 | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager Auth. | 4.8 |
| 2023-06-30 | CVE-2023-3063 | Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. | 8.8 |
| 2022-08-22 | CVE-2022-34857 | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | 6.1 |
| 2022-07-25 | CVE-2022-1551 | Forced Browsing vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. | 6.5 |
| 2022-04-25 | CVE-2021-4225 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. | 8.8 |
| 2021-09-09 | CVE-2021-38324 | SQL Injection vulnerability in Smartypantsplugins SP Rental Manager 1.5.3 The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3. | 7.5 |
| 2021-08-16 | CVE-2021-38315 | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. | 6.1 |
| 2021-06-14 | CVE-2021-24347 | Improper Handling of Case Sensitivity vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. | 8.8 |