cleantalk
Vulnerabilities and Security Researches

SP Project & Document Manager, CVE-2021-38315

CVE, Research URL

CVE-2021-38315

Home page URL

Security reports for SP Project & Document Manager

Application

SP Project & Document Manager

Published on
Aug 17, 2021
Research Description
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
Affected versions
max 4.33.
Status
vulnerable
Previous vulnerability researches
SP Project & Document Manager (CVE-2022-34857) , Jun 07, 2024
SP Project & Document Manager (CVE-2021-38315) , Jun 07, 2024
SP Project & Document Manager (CVE-2021-4225) , Jun 07, 2024
SP Project & Document Manager (CVE-2021-24347) , Jun 07, 2024
SP Project & Document Manager (CVE-2014-9178) , Jun 07, 2024
New vulnerability
SP Project & Document Manager (CVE-2026-10737) , Jun 05, 2026
EmergencyWP – Dead Man's switch & legacy deliverance (CVE-2026-9732) , Jun 04, 2026
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2026-45441) , Jun 04, 2026
Job Manager and Recruitment Board for Employers and Candidates – Crew HRM (CVE-2026-27351) , Jun 04, 2026
CloudSecure WP Security (CVE-2026-42411) , Jun 04, 2026