What the vulnerability does
01 Description
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Explanation of Vulnerability in Simple Terms
02 Summary
PT Project Notebooks versions 1.0.0 through 1.1.3 lack proper authorization checks, allowing unauthenticated attackers to read, modify, or delete data without permission. The vulnerability affects all core functions of the application and requires no user interaction to exploit. Site administrators should update to a version newer than 1.1.3 immediately.
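As an added illustration, not code from the PT Project Notebooks plugin, the following hypothetical WordPress AJAX handler shows the authorization controls whose absence the advisory describes in a user-creation function: a capability check, a nonce check, and a role that is never taken from the request. The function name wpnb_pto_safe_new_users_add, the nonce action and the log format are assumptions.

```php
<?php
// Added example (not the plugin's own code): a hardened user-creation AJAX
// handler for a WordPress plugin. Names such as wpnb_pto_safe_new_users_add
// and the nonce action 'wpnb_pto_new_users_add' are hypothetical.

// Registered only for logged-in users. Deliberately NOT registered on
// 'wp_ajax_nopriv_...': unauthenticated visitors must never reach a handler
// that creates accounts.
add_action( 'wp_ajax_wpnb_pto_new_users_add', 'wpnb_pto_safe_new_users_add' );

function wpnb_pto_safe_new_users_add() {
    // 1. Authorization: only users allowed to create accounts may proceed.
    //    (This is the check whose absence lets any caller create users.)
    if ( ! is_user_logged_in() || ! current_user_can( 'create_users' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF protection: the nonce must be tied to this specific action.
    check_ajax_referer( 'wpnb_pto_new_users_add', 'nonce' );

    // 3. Validate and sanitize the caller-supplied fields.
    $login = isset( $_POST['user_login'] ) ? sanitize_user( wp_unslash( $_POST['user_login'] ), true ) : '';
    $email = isset( $_POST['user_email'] ) ? sanitize_email( wp_unslash( $_POST['user_email'] ) ) : '';
    if ( '' === $login || ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid login or email' ), 400 );
    }

    // 4. Never take the role from the request: a fixed low-privilege role
    //    prevents a caller from choosing 'administrator' for the new account.
    $user_id = wp_insert_user( array(
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => wp_generate_password( 24, true ),
        'role'       => 'subscriber',
    ) );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( array( 'message' => $user_id->get_error_message() ), 400 );
    }

    // 5. Audit trail: record which account created which user, so that
    //    unexpected administrator accounts can be traced during review.
    error_log( sprintf( 'wpnb_pto: user %d created user %d', get_current_user_id(), $user_id ) );

    wp_send_json_success( array( 'user_id' => $user_id ) );
}
```

When reviewing a site for this class of bug, the points to verify are the same three: the handler is not reachable via wp_ajax_nopriv_, it calls current_user_can() before any write, and the role assigned does not originate from request data.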
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete any data in the application without logging in.
Potential impact on your site
04 Site Impact
All project notebooks, meeting minutes, budgets, and task data are exposed to unauthorized access and modification.
Conditions required to exploit
05 Prerequisites
Network access to the application; no authentication or user interaction required.
Key dates
06 Disclosure timeline
June 28, 2025: CVE published
June 30, 2025: Record updated