PT Project Notebooks WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the PT Project Notebooks plugin for WordPress, affecting versions 1.0.0 through 1.1.3. The issue arises from a missing authorization check in the 'wpnb_pto_new_users_add' function, which allows unauthenticated attackers to elevate their privileges to those of an administrator.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain administrative privileges on the WordPress site.

Reproduction

To reproduce this vulnerability, send a request to the 'wpnb_pto_new_users_add' action via 'admin-ajax.php' without the necessary authorization. An unauthenticated user can do this because the 'wpnb_pto_new_users_add' action is registered for both authenticated and unauthenticated users without proper checks.
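For reviewing a plugin for the pattern described above, the following added example (not code from the plugin or from this advisory) lists AJAX actions whose handler never calls current_user_can() and notes whether the action is also hooked through wp_ajax_nopriv_. The PHP sample is constructed, the helper names function_body and audit are hypothetical, and the brace matching is a heuristic that flags review candidates only.

```python
import re

# Constructed sample, not the plugin's real source; handler bodies are elided.
SAMPLE_PHP = r"""
add_action('wp_ajax_wpnb_pto_new_users_add', 'wpnb_pto_new_users_add');
add_action('wp_ajax_nopriv_wpnb_pto_new_users_add', 'wpnb_pto_new_users_add');
function wpnb_pto_new_users_add() {
    // no capability check before the privileged work
    wp_send_json_success();
}
add_action('wp_ajax_example_save', 'example_save');
function example_save() {
    check_ajax_referer('example_save');
    if (!current_user_can('manage_options')) { wp_die(); }
    wp_send_json_success();
}
"""

HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(nopriv_)?(\w+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Return the text between a PHP function's braces (naive brace matching)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None  # handler defined in another file
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """List AJAX actions whose handler never calls current_user_can()."""
    hooks = {}
    for nopriv, action, callback in HOOK_RE.findall(src):
        entry = hooks.setdefault(action, {"callback": callback, "nopriv": False})
        entry["nopriv"] = entry["nopriv"] or bool(nopriv)
    findings = []
    for action, hook in hooks.items():
        body = function_body(src, hook["callback"])
        # A nonce (check_ajax_referer) is not authorization, so it does not count.
        if body is not None and "current_user_can(" not in body:
            reach = "unauthenticated" if hook["nopriv"] else "any logged-in user"
            findings.append((action, reach))
    return findings

if __name__ == "__main__":
    for action, reach in audit(SAMPLE_PHP):
        print(f"review: {action} reachable by {reach} with no capability check")
```

A handler that is legitimately public will also be flagged, so each finding needs a manual look at what the handler does.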

Added: Jun 28, 2025, 6:18 AM
Updated: Jun 28, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.