SOPlanning Broken Access Control Vulnerability in Project Status Endpoint

Vulnerability

A broken access control vulnerability has been identified in SOPlanning, specifically in the Project Status functionality of the '/status' endpoint. Because proper permission checks are absent, authenticated attackers can add, edit, and delete any status. The issue affects all versions prior to 1.55.

Impact

Exploitation of this vulnerability allows for unauthorized modification of project status, including the addition, editing, and deletion of status entries.

Remediation

Users can upgrade to SOPlanning version 1.55 or later to address this vulnerability.

Added: Nov 20, 2025, 4:23 PM
Updated: Nov 20, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.