CVE-2022-34857 MEDIUM

CVE-2022-34857: WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability

Vendor Smartypants
Product SP Project & Document Manager (WordPress plugin)
Weakness CWE-79 · XSS
Published August 22, 2022
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress

Key dates

02Disclosure timeline

August 22, 2022 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-2518 MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php cross site scripting CVE-2024-20300 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability CVE-2023-32108 WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS) CVE-2022-1095 Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting CVE-2016-15008 oxguy3 coebot-www channel.js showChannelBoir cross site scripting