• On one of my managed sites, Wordfence and Really Simple SSL report a critical risk with SP Project & Document Manager:

    “The SP Project & Document Manager plugin for WordPress has a security issue called SQL Injection. This means that there is a problem with the way the plugin handles a certain type of information. Attackers with a certain level of access can use this issue to access sensitive information from the database. This problem affects all versions up to and including 4.71.”

    I have tried deactivating the plugin but discovered that it is linked to my paid version of SP Client Document Manager Premium. It appears that I can only deactivate SP Project & Document Manager if I also deactivate SP Client Document Manager Premium, which prevents my document management system from running. This is a critical issue; please advise.

Viewing 2 replies - 1 through 2 (of 2 total)
  • webvisuals

    (@webvisuals)

    I have had the same detection on a client's site with this plugin on a Cloudways server. This is the message I receive below. Hopefully we get some notification this is being worked on.

    Here are the detected vulnerabilities in your application:
    Plugin(s):

    • WordPress SP Project & Document Manager plugin <= 4.71 – Directory Traversal vulnerability

  • Thread Starter nigeld67

    (@nigeld67)

    I raised a support ticket with Smarty Pants Plugins regarding this critical risk on June 17, 2024, but I have yet to receive a reply.
