Primary

Context

Smartypants SP Project & Document Manager Missing Authorization Vulnerability Allowing Access Control Exploitation

Vulnerability

A missing authorization vulnerability has been identified in the Smartypants SP Project & Document Manager plugin for WordPress, affecting versions through 4.70. This vulnerability arises from incorrectly configured access control security levels, which can be exploited to perform actions without the necessary privileges.

Impact

Exploitation of this vulnerability could lead to broken access control, allowing users to perform actions or access resources that should be restricted.

Remediation

Users of the Smartypants SP Project & Document Manager plugin are advised to update to a version later than 4.70. For those seeking immediate protection, Patchstack offers a mitigation rule that can be applied until an official fix is available.

Added: Feb 17, 2026, 3:24 PM

Updated: Feb 17, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.0

remediation

7.9

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.0

remediation

7.9

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Smartypants SP Project & Document Manager Missing Authorization Vulnerability Allowing Access Control Exploitation

Vulnerability

Impact

Remediation

Affected Products

Smartypants SP Project & Document Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating