CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33923 – WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33923
29 Apr 2024 — Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69. Vulnerabilidad de autorización faltante en Smartypants SP Project & Document Manager. Este problema afecta a SP Project & Document Manager: desde n/a hasta 4.69. The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This ma... • https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-69-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32551 – WordPress SP Project & Document Manage plugin <= 4.71 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32551
16 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Smartypants SP Project & Document Manager. Este problema afecta a SP Project & Document Manager: desde n/a hasta 4.71. The SP Project & Document Manager plugin for Wor... • https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manage-plugin-4-71-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31118 – SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-31118
29 Mar 2024 — The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check function in versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject malicious web scripts into pages. • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24868 – WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2024-24868
02 Feb 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69. The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via the sp_cdm_display_project_shortcode_show function in versions up to, and including, 4.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... • https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-69-contributor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •