RSS   Vulnerabilities for 'Sp project \& document manager'   RSS

2021-08-16
 
CVE-2021-38315

CWE-79
 

 
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.

 
2021-06-14
 
CVE-2021-24347

CWE-94
 

 
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

 

 >>> Vendor: Smartypantsplugins 3 Products
Wp-funeral-press
Sp project & document manager
Sp project \& document manager


Copyright 2024, cxsecurity.com

 

Back to Top