CVE-2021-24347

Name of the Vulnerable Software and Affected Versions The SP Project & Document Manager WordPress plugin versions prior to 4.22

Description The issue allows users to upload files, but the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. However, it was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".

Recommendations For versions prior to 4.22, update to version 4.22 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation until the update is applied.