cleantalk
Vulnerabilities and Security Researches

Portfolio and Projects, 1e5ab0d376bb286eb9f3c02b0bc3818f419fb17d

CVE, Research URL

1e5ab0d376bb286eb9f3c02b0bc3818f419fb17d

Home page URL

Security reports for Portfolio and Projects

Application

Portfolio and Projects

Published on
Aug 11, 2023
Research Description
Portfolio and Projects [portfolio-and-projects] < 1.3.8 WordPress Portfolio and Projects Plugin <= 1.3.7 is vulnerable to Broken Access Control Update the WordPress Portfolio and Projects plugin to the latest available version (at least 1.3.8). Cat discovered and reported this Broken Access Control vulnerability in WordPress Portfolio and Projects Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 1.3.8.
Affected versions
Min -, max 1.3.8.
Status
vulnerable
Previous vulnerability researches
Portfolio and Projects (CVE-2024-13847) , Mar 15, 2025
Portfolio and Projects (1e5ab0d376bb286eb9f3c02b0bc3818f419fb17d) , Jun 07, 2024
Portfolio and Projects (CVE-2023-39995) , Jun 10, 2024
Portfolio and Projects (CVE-2023-40200) , Jun 10, 2024
New vulnerability
Arconix Shortcodes (CVE-2025-49858) , Jun 19, 2025
Responsive Starter Templates &#8211; Elementor &amp; WordPress Templates (CVE-2025-49856) , Jun 19, 2025
WP VR &#8211; 360 Panorama and Virtual Tour Builder For WordPress (CVE-2025-47452) , Jun 19, 2025
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2025-49872) , Jun 19, 2025
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2025-49857) , Jun 19, 2025