Vulnerabilities and security researches forsp-client-document-manager sp-client-document-manager
Direction: ascendingJun 07, 2024
SP Project & Document Manager # CVE-2022-34857
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 22, 2022
- Research Description
- Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
- Affected versions
-
max 2.6.0.0.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2021-38315
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 17, 2021
- Research Description
- The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
- Affected versions
-
max 4.33.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2021-4225
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 25, 2022
- Research Description
- The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
- Affected versions
-
max 2.5.4.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2021-24347
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 14, 2021
- Research Description
- The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
- Affected versions
-
max 4.22.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2014-9178
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 02, 2014
- Research Description
- Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
- Affected versions
-
max 2.4.4.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2023-3063
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 30, 2023
- Research Description
- The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
- Affected versions
-
max 4.68.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2023-36677
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 04, 2023
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
- Affected versions
-
max 2.5.4.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2023-36530
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 10, 2023
- Research Description
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
- Affected versions
-
max 4.68.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2022-1551
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 25, 2022
- Research Description
- The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
- Affected versions
-
max 4.58.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-31118
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 17, 2026
- Research Description
- Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70.
- Affected versions
-
max 4.70.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-32551
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 18, 2024
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.71.
- Affected versions
-
max 4.71.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-33923
- CVE, Research URL
- Home page URL
- Application
- Date
- May 03, 2024
- Research Description
- Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.
- Affected versions
-
max 4.69.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-1693
- CVE, Research URL
- Home page URL
- Application
- Date
- May 14, 2024
- Research Description
- The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder name that do not belong to them.
- Affected versions
-
max 4.70.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-3748
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2024
- Research Description
- The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
- Affected versions
-
max 4.71.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-24868
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2024
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.
- Affected versions
-
max 4.70.
- Status
-
vulnerable
SP Project & Document Manager # CVE-2024-3749
- CVE, Research URL
- Home page URL
- Application
- Date
- May 15, 2024
- Research Description
- The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
- Affected versions
-
max 4.71.
- Status
-
vulnerable
Jun 26, 2024
SP Project & Document Manager # CVE-2024-37224
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 09, 2024
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.
- Affected versions
-
max 4.71.
- Status
-
vulnerable
Jun 05, 2026
SP Project & Document Manager # CVE-2026-10737
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 04, 2026
- Research Description
- The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links for arbitrary files stored inside project folders on the server, which can contain sensitive information. The authorization gate uses a negated nonce check OR-chained with permission checks, meaning a missing or invalid nonce causes the entire condition to evaluate to true and bypass all preceding capability and ownership checks. The secondary fallback check only denies access for root-level files (pid == 0), leaving all files stored inside project folders fully exposed to unauthenticated users who supply only a valid file ID in a POST request to admin-ajax.php.
- Affected versions
-
max 4.71.
- Status
-
vulnerable