CVE-2021-4225

HIGH

SP Project & Document Manager WordPress <4.24 - Auth Bypass


Description

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated user, including subscribers, to upload files. The plugin tries to block PHP and similar server-executable files by checking the uploaded file's extension. On Windows servers this extension check was found to be insufficient, so a low-privileged authenticated attacker could upload a web shell or other backdoor to a vulnerable site.

References (2)

Scores

CVSS v3 8.8
EPSS 0.0155
EPSS Percentile 81.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
smartypantsplugins/sp_project_&_document_manager < 4.24
Published Apr 25, 2022
Tracked Since Feb 18, 2026