The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
2024-05-15T06:15:13.690
2025-05-15T13:50:23.313
Analyzed
CVSSv3.1: 6.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | smartypantsplugins | sp_project_\&_document_manager | ≤ 4.71 | Yes |