Live Vulnerability Intelligence
Threat Database
CVE-2024-1693 - Sp Client Document Manager Plugin
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder names that do not belong to them.
CVE-2023-3063 - Sp Client Document Manager Plugin
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above to change user passwords and potentially take over administrator accounts.
CVE-2022-34857 - Sp Client Document Manager Plugin
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin
CVE-2021-38315 - Sp Client Document Manager Plugin
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.
