MidnightBSD

Advisories for smartypantsplugins

CVE-2013-3529 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
smartypantsplugins wp-funeral-press 1.1.2
smartypantsplugins wp-funeral-press *
smartypantsplugins wp-funeral-press 1.0.4
smartypantsplugins wp-funeral-press 1.1.4
smartypantsplugins wp-funeral-press 1.0.1
smartypantsplugins wp-funeral-press 1.0.3
smartypantsplugins wp-funeral-press 1.0.7
smartypantsplugins wp-funeral-press 1.0.2
smartypantsplugins wp-funeral-press 1.0.5
smartypantsplugins wp-funeral-press 1.1.0
smartypantsplugins wp-funeral-press 1.1.3
smartypantsplugins wp-funeral-press 1.0.9
CVE-2014-9178 HIGH

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2021-24347 MEDIUM

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-178,CWE-178,

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2021-38315 MEDIUM

The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security@wordfence.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2021-38324 MEDIUM

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
smartypantsplugins sp_rental_manager *
CVE-2021-4225 MEDIUM

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2022-1551

The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2022-34857

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
audit@patchstack.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2023-36530

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2023-36677

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2024-24868

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 8.5 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L 3.1 4.7

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2024-37224

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.71.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2024-3748

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *
CVE-2024-3749

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user

Products Affected

Vendor Product Version
smartypantsplugins sp_project_&_document_manager *