Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3952

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.

Published

2025-05-01T05:15:52.020

Last Modified

2025-05-19T11:54:42.067

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	projectopia	projectopia	< 5.1.17	Yes

References

https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/admin/admin_functions.php#L838 Product ([email protected])
https://plugins.trac.wordpress.org/changeset/3284330/ Patch ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve Third Party Advisory ([email protected])