Back

CVE-2024-3748

May 15, 2024, 4:40 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SP Project & Document Manager WordPress plugin

  • through 4.71

Source

contact@wpscan.com

Tags

contact@wpscan.com
2024-05-15
CVE-2024-3748

CVE-2024-3748 details

Published : May 15, 2024, 6:15 a.m.
Last Modified : May 15, 2024, 4:40 p.m.

Description

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/ contact@wpscan.com
This website uses the NVD API, but is not approved or certified by it.