SmartyPants — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting SmartyPants. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SmartyPants is a PHP-based templating engine primarily used for separating presentation logic from application code. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to insufficient input sanitization and insecure default configurations. The 11 recorded CVEs highlight consistent security concerns, particularly around sandbox escapes and unsafe variable handling. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests developers must implement strict input validation and maintain updated versions to mitigate risks associated with this templating solution.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-31118 | WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability | SP Project & Document Manager | CWE-862 | 6.5 | Medium | 2026-02-17 |
| CVE-2024-37224 | WordPress SP Project & Document Manager plugin <= 4.71 - Directory Traversal vulnerability | SP Project & Document Manager | CWE-22 | 7.5 | High | 2024-07-09 |
| CVE-2024-1693 | SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update | SP Project & Document Manager | CWE-639 | 4.3 | Medium | 2024-05-09 |
| CVE-2024-33923 | WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability | SP Project & Document Manager | CWE-862 | 6.3 | Medium | 2024-05-03 |
| CVE-2024-32551 | WordPress SP Project & Document Manager plugin <= 4.71 - Auth. SQL Injection vulnerability | SP Project & Document Manager | CWE-89 | 7.6 | High | 2024-04-18 |
| CVE-2024-24868 | WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection | SP Project & Document Manager | CWE-89 | 8.5 | High | 2024-02-28 |
| CVE-2023-36677 | WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection | SP Project & Document Manager | CWE-89 | 8.3 | High | 2023-11-03 |
| CVE-2023-36530 | WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS) | SP Project & Document Manager | CWE-79 | 5.9 | Medium | 2023-08-10 |
| CVE-2023-3063 | SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change | SP Project & Document Manager | CWE-639 | 8.8 | High | 2023-06-30 |
| CVE-2022-34857 | WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability | SP Project & Document Manager (WordPress plugin) | CWE-79 | 6.1 | Medium | 2022-08-22 |
| CVE-2021-38315 | SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting | SP Project & Document Manager | CWE-79 | 6.1 | Medium | 2021-08-16 |

This page lists every published CVE security advisory associated with SmartyPants. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.