Headline
CVE-2022-34857: WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
Verified
Fixed
6.1
CVSS 3.1 score Medium severity
Monitoring Coming soon
PSID
36ad25333709
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Publicly disclosed
2022-08-10
Details
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in WordPress SP Project & Document Manager plugin (versions <= 4.59).
Solution
Update the WordPress SP Project & Document Manager plugin to the latest available version (at least 4.62).
References