{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3952", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-25T22:06:55.889Z", "datePublished": "2025-05-01T04:22:57.655Z", "dateUpdated": "2026-04-08T17:28:18.803Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:18.803Z"}, "affected": [{"vendor": "projectopia", "product": "Projectopia \u2013 Project Management Tool", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.16", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Projectopia \u2013 WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users."}], "title": "Projectopia &#8211; WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/admin/admin_functions.php#L838"}, {"url": "https://plugins.trac.wordpress.org/changeset/3284330/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "timeline": [{"time": "2025-04-30T15:45:10.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T13:10:03.259127Z", "id": "CVE-2025-3952", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T13:10:12.167Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3952", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-01T13:10:03.259127Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T13:10:08.020Z"}}], "cna": {"title": "Projectopia &#8211; WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}}], "affected": [{"vendor": "projectopia", "product": "Projectopia \u2013 Project Management Tool", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.1.16"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-30T15:45:10.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/admin/admin_functions.php#L838"}, {"url": "https://plugins.trac.wordpress.org/changeset/3284330/"}], "descriptions": [{"lang": "en", "value": "The Projectopia \u2013 WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:18.803Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3952", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:28:18.803Z", "dateReserved": "2025-04-25T22:06:55.889Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-01T04:22:57.655Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:projectopia:projectopia:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "27C14F7C-656F-45AB-AB00-8D2E2B96AFE8", "versionEndExcluding": "5.1.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Projectopia \u2013 WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users."}, {"lang": "es", "value": "El complemento Projectopia \u2013 WordPress Project Management de WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos, lo que puede provocar una denegaci\u00f3n de servicio debido a la falta de comprobaci\u00f3n de la funci\u00f3n \u00abpto_remove_logo\u00bb en todas las versiones hasta la 5.1.16 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, eliminar valores de opciones arbitrarios en el sitio de WordPress. Esto puede aprovecharse para eliminar una opci\u00f3n que generar\u00eda un error en el sitio y denegar\u00eda el servicio a usuarios leg\u00edtimos."}], "id": "CVE-2025-3952", "lastModified": "2025-05-19T11:54:42.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-05-01T05:15:52.020", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/admin/admin_functions.php#L838"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3284330/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:02:13.034796+00:00", "value": {"mitigation_remediation": ["Update the Projectopia plugin to version 5.1.17 or later", "If an immediate update is not possible, modify the plugin\u2019s admin_functions.php file for pto_remove_logo to add a capability check such as current_user_can('manage_options') so that only administrators can call the function", "Reassess the capabilities assigned to Subscriber level users or use a role\u2011management plugin to remove the ability for those users to delete options"], "summary": {"action": "Patch Immediately", "impact": "Denial of Service via privileged option deletion"}, "threat_synthesis": {"affected_systems": "All releases of the Projectopia \u2013 Project Management Tool plugin for WordPress up to and including version 5.1.16 are affected. Any WordPress installation that has this plugin installed and has users with Subscriber or higher privileges is vulnerable until the plugin is updated beyond 5.1.16. ", "description_and_impact": "The Projectopia plugin for WordPress contains a missing capability check in the pto_remove_logo function. Authenticated users with the Subscriber role or higher can delete any WordPress option value. Removing a critical option can trigger a site error that disrupts the entire site, denying service to legitimate users. The weakness corresponds to CWE\u2011862, missing authorization. ", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high impact on availability, and the EPSS score of less than 1% suggests a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalogue. The likely attack vector is authenticated, as authenticated requests to the admin interface or any authenticated call to the pto_remove_logo action can trigger the flaw. Attackers require only basic access rights; no further privileges are granted. "}}}}, "created": "2026-04-21T21:15:45.444165+00:00", "updated": "2026-04-21T21:15:45.444176+00:00", "vendors": []}