Assigner | WPScan |
Reserved | 2024-04-12 |
Published | 2024-05-15 |
Updated | 2024-06-04 |
Description
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
Problem types
CWE-639 Authorization Bypass Through User-Controlled Key
Product status
Any version
Credits
fewwords
WPScan
References
https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/