Vulnerabilities > Smartypantsplugins > SP Project Document Manager > 4.24

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-36677 SQL Injection vulnerability in Smartypantsplugins SP Project & Document Manager
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
network
low complexity
smartypantsplugins CWE-89
8.8
2023-08-10 CVE-2023-36530 Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager
Auth.
network
low complexity
smartypantsplugins CWE-79
4.8
2023-06-30 CVE-2023-3063 Unspecified vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67.
network
low complexity
smartypantsplugins
8.8
2022-07-25 CVE-2022-1551 Forced Browsing vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
network
low complexity
smartypantsplugins CWE-425
6.5
2021-08-16 CVE-2021-38315 Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
4.3