CVE-2024-3748

Name of the Vulnerable Software and Affected Versions SP Project & Document Manager WordPress plugin versions 4.71 and earlier

Description The issue is related to missing validation in the upload function of the plugin, allowing a user to manipulate the user id variable to make it appear that a file was uploaded by another user. This can lead to unauthorized access.

Recommendations For SP Project & Document Manager WordPress plugin versions 4.71 and earlier: Update the plugin to the latest patched version immediately. As a temporary workaround, consider restricting access to the upload function to minimize the risk of exploitation.