Smartypantsplugins Sp Project & Document Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Smartypantsplugins Sp Project & Document Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-3063 — CVSS 8.8 (high): The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including…
CVE-2021-24347 — CVSS 8.8 (high): The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php…
CVE-2021-4225 — CVSS 8.8 (high): The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The…
CVE-2024-24868 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document…
CVE-2023-36677 — CVSS 8.3 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document…
CVE-2014-9178 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin…
CVE-2024-37224 — CVSS 7.5 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document…
CVE-2022-1551 — CVSS 6.5 (medium): The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that…
CVE-2024-3749 — CVSS 6.5 (medium): The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and…
CVE-2024-3748 — CVSS 6.5 (medium): The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate…
CVE-2021-38315 — CVSS 6.1 (medium): The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to…