CYBERHAWK / CVE / CVE-2026-10737

CVE-2026-10737

SP Project & Document Manager WordPress Plugin

HIGH CVSS 7.5 vibe

The flaw

Missing capability check on view_file function allows unauthenticated access to file metadata and download links.

What to do

Update SP Project & Document Manager plugin to version later than 4.71

▸ Scan my repo for CVE-2026-10737

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-06-05 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits