Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-3748

May 15, 2024, 4:40 p.m.

Tags

contact@wpscan.com
2024-05-15
CVE-2024-3748

Product(s) Impacted

SP Project & Document Manager WordPress plugin

  • through 4.71

Description

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user

Weaknesses

Date

Published: May 15, 2024, 6:15 a.m.

Last Modified: May 15, 2024, 4:40 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

contact@wpscan.com

References

https://wpscan.com/ contact@wpscan.com