Projectopia
Monthly
Information disclosure in the Projectopia WordPress plugin (versions <= 5.1.25.2) allows remote unauthenticated attackers to access custom role data belonging to other users via Insecure Direct Object Reference flaws. The CVSS 7.5 score reflects high confidentiality impact with no integrity or availability consequences, and no public exploit identified at time of analysis.
The Projectopia - WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Information disclosure in the Projectopia WordPress plugin (versions <= 5.1.25.2) allows remote unauthenticated attackers to access custom role data belonging to other users via Insecure Direct Object Reference flaws. The CVSS 7.5 score reflects high confidentiality impact with no integrity or availability consequences, and no public exploit identified at time of analysis.
The Projectopia - WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.