Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.

Published

2023-06-30T02:15:09.457

Last Modified

2024-11-21T08:16:21.533

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	smartypantsplugins	sp_project_\&_document_manager	≤ 4.67	Yes

References

https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/classes/ajax.php#L149 Patch ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve Third Party Advisory ([email protected])
https://plugins.trac.wordpress.org/browser/sp-client-document-manager/trunk/classes/ajax.php#L149 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)