PT-2025-18358 · WordPress · Projectopia
Cheng Liu · Published 2025-05-01 · Updated 2025-05-19 · CVE-2025-3952
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The Projectopia – WordPress Project Management plugin for WordPress versions up to, and including, 5.1.16
Description
The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing capability check on the pto remove logo function. Authenticated attackers with Subscriber-level access and above can delete arbitrary option values on the WordPress site, which can be leveraged to create an error and deny service to legitimate users.
Recommendations
For versions up to, and including, 5.1.16, update to a version higher than 5.1.16 to resolve the issue.
As a temporary workaround, consider restricting access to the pto remove logo function until a patch is available.
Fix
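The bug class above (a logged-in user reaching a plugin AJAX handler that deletes an option without any authorization check) is shown here in an added illustration; this is not Projectopia's code, and the function, action and option names are invented. It places the weak pattern beside the hardened one a plugin author would ship.

```php
<?php
// Added illustration (not the plugin's code): a hypothetical WordPress AJAX
// handler that removes a plugin logo setting. Names are invented.

// Weak pattern: wp_ajax_* handlers are reachable by any authenticated user
// (Subscriber and above). With no capability check and the option name taken
// from the request, the caller can delete arbitrary options.
function example_remove_logo_weak() {
    $option = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    delete_option( $option );
    wp_send_json_success();
}

// Hardened pattern:
//  1. verify a nonce bound to this action (blocks cross-site request forgery),
//  2. require a capability appropriate for changing site settings,
//  3. never let the request choose which option is touched.
function example_remove_logo_hardened() {
    check_ajax_referer( 'example_remove_logo', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Only the single option this action manages is affected.
    delete_option( 'example_plugin_logo_attachment_id' );
    wp_send_json_success( array( 'message' => 'Logo removed.' ) );
}
add_action( 'wp_ajax_example_remove_logo', 'example_remove_logo_hardened' );
```

When reviewing a plugin for this class of issue, the check is the same for every `add_action( 'wp_ajax_...' )` registration: the handler must call `current_user_can()` (and a nonce check) before any state change, and the option key should be a constant rather than request data.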
DoS
Missing Authorization
Affected Products
Projectopia