SP Project & Document Manager

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   SP Project & Document Manager

Information

Software Type Plugin
Software Slug sp-client-document-manager (view on wordpress.org)
Software Status Removed
Software Author smartypants
Software Website smartypantsplugins.com
Software Downloads 379,118
Software Active Installs 2,000
Software Record Last Updated April 16, 2024

18 Vulnerabilities

SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton
9.9
CVE-2024-32551
Apr 16, 2024
Researcher: CatFather
SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting
6.4
CVE-2024-31118
Mar 29, 2024
Researcher: CatFather
SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-24868
Feb 2, 2024
Researcher: beluga
SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-36530
Jun 30, 2023
Researcher: emad
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2023-36677
Jun 30, 2023
Researcher: Le Ngoc Anh
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
8.8
CVE-2023-3063
Jun 29, 2023
Researcher: István Márton
SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting
6.1
CVE-2022-34857
Aug 10, 2022
Researchers:
SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Aug 10, 2022
Researchers:
SP Project & Document Manager <= 4.57 - Sensitive File Disclosure
5.3
CVE-2022-1551
Jun 28, 2022
Researcher: Viktor Markopoulos
SP Project & Document Manager <= 4.56 - Cross-Site Request Forgery and Cross-Site Scripting
9.6
CVE ID Unknown
Jun 17, 2022
Researchers:
SP Project & Document Manager <= 4.25 - Reflected Cross-Site Scripting
6.1
CVE-2021-38315
Aug 16, 2021
Researcher: Thinkland Security Team
SP Project & Document Manager <= 4.23 - Subscriber+ Arbitrary File Upload
8.8
CVE-2021-4225
Jul 28, 2021
Researcher: pang0lin
SP Project & Document Manager <= 4.21 - Authenticated Shell Upload
8.8
CVE-2021-24347
May 25, 2021
Researcher: Viktor Markopoulos
SP Projects & Document Manager <= 2.5.9.5 - Cross-Site Scripting
6.1
CVE ID Unknown
Mar 7, 2016
Researchers:
SP Projects & Document Manager <= 2.5.9.5 - SQL Injection
9.8
CVE ID Unknown
Mar 7, 2016
Researchers:
SP Projects & Document Manager <= 2.6.0.0 - Arbitrary File Upload
9.8
CVE ID Unknown
Mar 7, 2016
Researchers:
SP Project & Document Manager <= 2.5.9.5 - Cross-Site Request Forgery
8.8
CVE ID Unknown
Feb 2, 2016
Researchers:
SP Project & Document Manager < 2.4.4 - Multiple SQL Injection
9.8
CVE-2014-9178
Nov 20, 2014
Researcher: Dang Quoc Thai
Title CVE ID CVSS Researchers Date
SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton CVE-2024-32551 9.9 CatFather April 16, 2024
SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting CVE-2024-31118 6.4 CatFather March 29, 2024
SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-24868 8.8 beluga February 2, 2024
SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-36530 4.4 emad June 30, 2023
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection CVE-2023-36677 8.8 Le Ngoc Anh June 30, 2023
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change CVE-2023-3063 8.8 István Márton June 29, 2023
SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting CVE-2022-34857 6.1 August 10, 2022
SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting 6.1 August 10, 2022
SP Project & Document Manager <= 4.57 - Sensitive File Disclosure CVE-2022-1551 5.3 Viktor Markopoulos June 28, 2022
SP Project & Document Manager <= 4.56 - Cross-Site Request Forgery and Cross-Site Scripting 9.6 June 17, 2022
SP Project & Document Manager <= 4.25 - Reflected Cross-Site Scripting CVE-2021-38315 6.1 Thinkland Security Team August 16, 2021
SP Project & Document Manager <= 4.23 - Subscriber+ Arbitrary File Upload CVE-2021-4225 8.8 pang0lin July 28, 2021
SP Project & Document Manager <= 4.21 - Authenticated Shell Upload CVE-2021-24347 8.8 Viktor Markopoulos May 25, 2021
SP Projects & Document Manager <= 2.5.9.5 - Cross-Site Scripting 6.1 March 7, 2016
SP Projects & Document Manager <= 2.5.9.5 - SQL Injection 9.8 March 7, 2016
SP Projects & Document Manager <= 2.6.0.0 - Arbitrary File Upload 9.8 March 7, 2016
SP Project & Document Manager <= 2.5.9.5 - Cross-Site Request Forgery 8.8 February 2, 2016
SP Project & Document Manager < 2.4.4 - Multiple SQL Injection CVE-2014-9178 9.8 Dang Quoc Thai November 20, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation