cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security research for projectopia-core

Jun 07, 2024

Projectopia – WordPress Project Management Plugin # 2db7924c9dde4387714fa1f90f5f6398082aa2af

Date
Feb 28, 2022
Research Description
Projectopia – WordPress Project Management Plugin [projectopia-core] < 5.0.7: Toggle The Debug Mode via Cross-Site Request Forgery (CSRF). A Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin Projectopia – WordPress Project Management Plugin (versions < 5.0.7).
Affected versions
Min -, max -.
Status
vulnerable
Dec 15, 2024

Projectopia – WordPress Project Management Plugin # CVE-2024-54336

CVE, Research URL

CVE-2024-54336

Date
Dec 13, 2024
Research Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass. This issue affects Projectopia: from n/a through 5.1.7.
Affected versions
Min -, max -.
Status
vulnerable
Apr 20, 2025

Projectopia – WordPress Project Management Plugin # CVE-2025-32648

CVE, Research URL

CVE-2025-32648

Date
Apr 17, 2025
Research Description
Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.
Affected versions
Min -, max -.
Status
vulnerable
May 05, 2025

Projectopia – WordPress Project Management Plugin # CVE-2025-3952

CVE, Research URL

CVE-2025-3952

Date
May 01, 2025
Research Description
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.
Affected versions
Min -, max -.
Status
vulnerable