Known Vulnerabilities
CVE-2023-36677
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.
UNKNOWN
CVSS 8.8
Published Nov 03, 2023
CVE-2023-36530
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.
MEDIUM
CVSS 5.9
Published Aug 10, 2023