cleantalk
Vulnerabilities and Security Researches

Projectopia – WordPress Project Management Plugin, CVE-2025-3952

CVE, Research URL

CVE-2025-3952

Home page URL

Security reports for Projectopia – WordPress Project Management Plugin

Application

Projectopia – WordPress Project Management Plugin

Published on
May 01, 2025
Research Description
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.
Affected versions
Min -, max 5.1.17.
Status
vulnerable
Previous vulnerability researches
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2025-3102) , Apr 10, 2025
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2024-5485) , Jun 07, 2024
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2023-49749) , Jun 07, 2024
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2025-27007) , May 03, 2025
New vulnerability
Mailing Group Listserv (CVE-2025-46463) , May 05, 2025
Tayori Form Plugin (CVE-2025-46437) , May 05, 2025
Document Management System (CVE-2025-46448) , May 05, 2025
SEUR Oficial (CVE-2025-46474) , May 05, 2025
Easy Child Theme Creator (CVE-2025-39375) , May 05, 2025