Vulnerabilities > Smartypantsplugins > SP Project Document Manager > 4.22
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-03 | CVE-2023-36677 | SQL Injection vulnerability in Smartypantsplugins SP Project & Document Manager Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | 8.8 |
2023-08-10 | CVE-2023-36530 | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager Auth. | 4.8 |
2023-06-30 | CVE-2023-3063 | Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. | 8.8 |
2022-07-25 | CVE-2022-1551 | Forced Browsing vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. | 6.5 |
2022-04-25 | CVE-2021-4225 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. | 6.5 |
2021-08-16 | CVE-2021-38315 | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. | 4.3 |