The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 15 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Smartypantsplugins
Smartypantsplugins sp Project \& Document Manager
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:smartypantsplugins:sp_project_\&_document_manager:*:*:*:*:*:wordpress:*:*
Vendors & Products Smartypantsplugins
Smartypantsplugins sp Project \& Document Manager

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-01T20:20:01.139Z

Reserved: 2024-04-12T20:26:38.897Z

Link: CVE-2024-3749

cve-icon Vulnrichment

Updated: 2024-08-01T20:20:01.139Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-15T06:15:14.040

Modified: 2025-05-15T13:47:41.420

Link: CVE-2024-3749

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.