| |
Vulnerability CVE-2023-3063
Published: 2023-06-30
| Description: |
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. |
Type:
CWE-639 (Authorization Bypass Through User-Controlled Key)
References: |
https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/classes/ajax.php#L149
https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
