PT-2022-13952 · WordPress · Sp Project & Document Manager
Viktor Markopoulos
·
Published
2022-07-25
·
Updated
2023-08-02
·
CVE-2022-1551
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The SP Project & Document Manager WordPress plugin versions prior to 4.58
Description
The issue allows bad actors to access other users' sensitive files due to an easily guessable path used to store user files.
Recommendations
For versions prior to 4.58, update to version 4.58 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files until the update is applied.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sp Project & Document Manager