VYPR
Unrated severityNVD Advisory· Published Jun 28, 2025· Updated Jun 30, 2025

PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function

CVE-2025-5304

Description

The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: 1.0.0 – 1.1.3
  • blafoley/PT Project Notebooks – Take Meeting minutes, create budgets, track task management, and morev5
    Range: 1.0.0
  • WordPress/Notebookswp-canonicalize

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2025-5304 · VYPR