CVE-2024-3749 Information

Description

The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user

Reference

https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/