Which SP Project & Document Manager CVEs are tracked?

SP Project & Document Manager tracked CVEs include CVE-2024-32551, CVE-2014-9178, CVE-2024-24868, CVE-2023-36677, and CVE-2023-3063.

How many SP Project & Document Manager vulnerabilities have patch guidance?

23 of 23 tracked SP Project & Document Manager records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 23 known issues Latest disclosed Jun 21, 2024

SP Project & Document Manager Vulnerabilities

Review known vulnerability records for the WordPress plugin SP Project & Document Manager (`sp-client-document-manager`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-37224, CVE-2024-1693 and CVE-2024-33923, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jun 27, 2024

Priority CVE Quick Links

Fast paths into SP Project & Document Manager CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-32551 Critical No patch listed

CVE-2024-32551 SP Project & Document Manager SQL Injection

SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton

CVE-2014-9178 Critical 2.4.4

CVE-2014-9178 SP Project & Document Manager SQL Injection

SP Project & Document Manager < 2.4.4 - Multiple SQL Injection

CVE-2024-24868 High 4.70

CVE-2024-24868 SP Project & Document Manager SQL Injection

SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode

CVE-2023-36677 High 4.68

CVE-2023-36677 SP Project & Document Manager SQL Injection

SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection

CVE-2023-3063 High 4.68

CVE-2023-3063 SP Project & Document Manager Authorization Bypass

SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

CVE-2021-4225 High 4.24

CVE-2021-4225 SP Project & Document Manager Arbitrary File Upload

SP Project & Document Manager <= 4.23 - Subscriber+ Arbitrary File Upload

CVE-2021-24347 High 4.22

CVE-2021-24347 SP Project & Document Manager Vulnerability

SP Project & Document Manager <= 4.21 - Authenticated Shell Upload

CVE-2024-31118 Medium No patch listed

CVE-2024-31118 SP Project & Document Manager Stored Cross-Site Scripting

SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for SP Project & Document Manager so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

23 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

5 critical and 6 high severity findings.

Recent CVEs

CVE-2024-37224, CVE-2024-1693 and CVE-2024-33923

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-37224 Medium No patch listed

CVE-2024-37224: SP Project & Document Manager <= 4.71 - Authenticated (Subscriber+) Directory Traversal

The SP Project & Document Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.71. This makes it possible for authenticated attackers, wi...

Published

Jun 21, 2024

Patch Status

Not published

Open CVE-2024-37224 Report

CVE-2024-1693 Medium No patch listed

CVE-2024-1693: SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versio...

Published

May 07, 2024

Patch Status

Not published

Open CVE-2024-1693 Report

CVE-2024-33923 Medium No patch listed

CVE-2024-33923: SP Project & Document Manager <= 4.69 - Missing Authorization

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes...

Published

Apr 29, 2024

Patch Status

Not published

Open CVE-2024-33923 Report

Known Vulnerabilities

Reports for SP Project & Document Manager

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2024-37224

CVE-2024-37224: SP Project & Document Manager <= 4.71 - Authenticated (Subscriber+) Directory Traversal

The SP Project & Document Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.71. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions on files outside of the originall...

Published

Jun 21, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.71

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-37224 Report Open CVE Reference

Plugin Medium Patched: No CVE-2024-1693

CVE-2024-1693: SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with su...

Published

May 07, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.70

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-1693 Report Open CVE Reference

Plugin Medium Patched: No CVE-2024-33923

CVE-2024-33923: SP Project & Document Manager <= 4.69 - Missing Authorization

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo...

Published

Apr 29, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.69

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-33923 Report Open CVE Reference

Plugin Medium Patched: No CVE-2024-3749

CVE-2024-3749: SP Project & Document Manager <= 4.71 - Insecure Direct Object Reference to Information Exposure

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.71 via the cdm_file_list AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attac...

Published

Apr 24, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.71

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-3749 Report Open CVE Reference

Plugin Medium Patched: No CVE-2024-3748

CVE-2024-3748: SP Project & Document Manager <= 4.71 - Insecure Direct Object Reference

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.71 via the sp_cdm_link_save_embed AJAX action to missing validation on the 'user_id' user controlled key. This makes it possible for au...

Published

Apr 24, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.71

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-3748 Report Open CVE Reference

Plugin Critical Patched: No CVE-2024-32551

CVE-2024-32551: SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton

The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 4.71 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Published

Apr 16, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.71

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-32551 Report Open CVE Reference

Plugin Medium Patched: No CVE-2024-31118

CVE-2024-31118: SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check function in versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject mal...

Published

Mar 29, 2024

Patched Release

Not published

Affected Versions

Versions up to 4.70

Next Step

Open the full report for remediation notes and references.

Open CVE-2024-31118 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-24868

CVE-2024-24868: SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode

The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via the sp_cdm_display_project_shortcode_show function in versions up to, and including, 4.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

Published

Feb 02, 2024

Patched Release

4.70

Affected Versions

Versions up to 4.69

Next Step

Update to 4.70 or newer if supported.

Open CVE-2024-24868 Report Open CVE Reference

Plugin High Patched: Yes CVE-2023-36677

CVE-2023-36677: SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection

The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via an unknownparameter in versions up to, and including, 4.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

Published

Jun 30, 2023

Patched Release

4.68

Affected Versions

Versions up to 4.67

Next Step

Update to 4.68 or newer if supported.

Open CVE-2023-36677 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-36530

CVE-2023-36530: SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

The SP Project & Document Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 4.67 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Published

Jun 30, 2023

Patched Release

4.68

Affected Versions

Versions up to 4.67

Next Step

Update to 4.68 or newer if supported.

Open CVE-2023-36530 Report Open CVE Reference

Plugin High Patched: Yes CVE-2023-3063

CVE-2023-3063: SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources...

Published

Jun 29, 2023

Patched Release

4.68

Affected Versions

Versions up to 4.67

Next Step

Update to 4.68 or newer if supported.

Open CVE-2023-3063 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-34857

CVE-2022-34857: SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin

Published

Aug 10, 2022

Patched Release

4.62

Affected Versions

Versions up to 4.59

Next Step

Update to 4.62 or newer if supported.

Open CVE-2022-34857 Report Open CVE Reference