Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and previous versions for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartypantsplugins sp project \\& document manager |