Smartypants Sp Project & Document Manager
11 CVEs affecting Smartypants Sp Project & Document Manager. Latest disclosed: 2026-06-04. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-3063 | High | 8.8 | 2023-06-30 | The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due t… |
CVE-2024-24868 | High | 8.5 | 2024-02-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affe… |
CVE-2023-36677 | High | 8.3 | 2023-11-03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Inje… |
CVE-2024-32551 | High | 7.6 | 2024-04-18 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affe… |
CVE-2026-10737 | High | 7.5 | 2026-06-04 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all… |
CVE-2024-37224 | High | 7.5 | 2024-07-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP… |
CVE-2024-31118 | Medium | 6.5 | 2026-02-17 | Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This i… |
CVE-2024-33923 | Medium | 6.3 | 2024-05-03 | Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69. |
CVE-2021-38315 | Medium | 6.1 | 2021-08-16 | The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/func… |
CVE-2023-36530 | Medium | 5.9 | 2023-08-10 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. |
CVE-2024-1693 | Medium | 4.3 | 2024-05-09 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_cat… |