CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1693 – SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
https://notcve.org/view.php?id=CVE-2024-1693
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder name that do not belong to them. El complemento SP Project & Document Manager para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la acción cdm_save_category AJAX en todas las versiones hasta la 4.70 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen nombres de carpetas arbitrarios que no les pertenecen. • https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/classes/ajax.php#L786 https://www.wordfence.com/threat-intel/vulnerabilities/id/1951ad6c-17b5-44ae-85e2-376b99df742e?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3749 – SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
https://notcve.org/view.php?id=CVE-2024-3749
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user El complemento SP Project & Document Manager de WordPress hasta la versión 4.71 carece de controladores de acceso adecuados y permite que un usuario que haya iniciado sesión vea y descargue archivos que pertenecen a otro usuario. The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.71 via the cdm_file_list AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and download other user's files. • https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3748 – SP Project & Document Manager <= 4.71 - Data Update via IDOR
https://notcve.org/view.php?id=CVE-2024-3748
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user El complemento SP Project & Document Manager de WordPress hasta la versión 4.71 le falta validación en su función de carga, lo que permite al usuario manipular el `user_id` para que parezca que un archivo fue subido por otro usuario. The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.71 via the sp_cdm_link_save_embed AJAX action to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that look like they were uploaded by another user. • https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c • CWE-639: Authorization Bypass Through User-Controlled Key •