WordPress Plugin Vulnerabilities

SP Project & Document Manager < 4.68 - Subscriber+ Insecure Direct Object References

Description

The plugin allows direct access to objects, allowing an authenticated user with subscriber privileges or above, to bypass authorization and change user passwords and potentially take over administrator accounts.

Affects Plugins

Plugin icon
sp-client-document-manager
Fixed in 4.68

References

CVE
CVE-2023-3063
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/sp-client-document-manager/sp-project-document-manager-467-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-password-change

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
c30b2378-59d4-4c2e-8c65-ea9772ba96cb

Timeline

Publicly Published
2023-06-29 (about 2 years ago)
Added
2023-07-03 (about 2 years ago)
Last Updated
2023-07-19 (about 2 years ago)

Other

Published
Title
Published
2021-03-17
Title
BuddyPress < 7.2.1 - Force a Friendship
Published
2024-12-03
Title
Dollie Hub – Build Your Own WordPress Cloud Platform < 6.2.1 - Authenticated (Contributor+) Post Disclosure
Published
2025-07-21
Title
WP JobHunt <= 7.2 - Subscriber+ Arbitrary Account Deletion via IDOR
Published
2024-08-16
Title
Propovoice CRM <= 1.7.8 - Unauthenticated Insecure Direct Object Reference
Published
2026-02-17
Title
Frontend User Notes < 2.1.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification