cleantalk
Vulnerabilities and Security Researches

SP Project & Document Manager, CVE-2014-9178

CVE, Research URL

CVE-2014-9178

Home page URL

Security reports for SP Project & Document Manager

Application

SP Project & Document Manager

Published on
Dec 02, 2014
Research Description
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
Affected versions
max 2.4.4.
Status
vulnerable
Previous vulnerability researches
SP Project & Document Manager (CVE-2022-34857) , Jun 07, 2024
SP Project & Document Manager (CVE-2021-38315) , Jun 07, 2024
SP Project & Document Manager (CVE-2021-4225) , Jun 07, 2024
SP Project & Document Manager (CVE-2021-24347) , Jun 07, 2024
SP Project & Document Manager (CVE-2014-9178) , Jun 07, 2024
New vulnerability
SP Project & Document Manager (CVE-2026-10737) , Jun 05, 2026
EmergencyWP – Dead Man's switch & legacy deliverance (CVE-2026-9732) , Jun 04, 2026
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2026-45441) , Jun 04, 2026
Job Manager and Recruitment Board for Employers and Candidates – Crew HRM (CVE-2026-27351) , Jun 04, 2026
CloudSecure WP Security (CVE-2026-42411) , Jun 04, 2026