Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32648

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-17 Apr, 2025 | 15:47
Updated At-17 Apr, 2025 | 18:34
Rejected At-
Credits

WordPress Projectopia - Project Magement Plugin <= 5.1.16 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:17 Apr, 2025 | 15:47
Updated At:17 Apr, 2025 | 18:34
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Projectopia - Project Magement Plugin <= 5.1.16 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.

Affected Products
Vendor
Projectopia
Product
Projectopia
Collection URL
https://wordpress.org/plugins
Package Name
projectopia-core
Default Status
unaffected
Versions
Affected
  • From n/a through 5.1.16 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-266CWE-266 Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: CWE-266 Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
astra.r3verii (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/projectopia-core/vulnerability/wordpress-projectopia-project-magement-plugin-5-1-15-privilege-escalation-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/projectopia-core/vulnerability/wordpress-projectopia-project-magement-plugin-5-1-15-privilege-escalation-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Apr, 2025 | 16:15
Updated At:17 Apr, 2025 | 20:21

Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-266Primaryaudit@patchstack.com
CWE ID: CWE-266
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/projectopia-core/vulnerability/wordpress-projectopia-project-magement-plugin-5-1-15-privilege-escalation-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/projectopia-core/vulnerability/wordpress-projectopia-project-magement-plugin-5-1-15-privilege-escalation-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2024-52442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 11:56
Updated-20 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation.This issue affects UserPlus: from n/a through 2.0.

Action-Not Available
Vendor-Userplususerplus
Product-UserPlususerplus
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-50485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-10.23% / 92.84%
||
7 Day CHG+0.49%
Published-29 Oct, 2024 | 08:35
Updated-29 Oct, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability

: Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5.

Action-Not Available
Vendor-Udit Rawatudit_rawat
Product-Exam Matrixexam_matrix
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-32980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.85%
||
7 Day CHG+0.06%
Published-25 Apr, 2025 | 00:00
Updated-25 Aug, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49322
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.33%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:38
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.

Action-Not Available
Vendor-CodePassengercodepassenger
Product-Job Board Manager for WordPressjob_board_manager_for_wordpress
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-54229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.13%
||
7 Day CHG+0.02%
Published-16 Dec, 2024 | 15:18
Updated-16 Dec, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02.

Action-Not Available
Vendor-Straightvisions GmbH
Product-SV100 Companion
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-4272
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FeMiner wms unrestricted upload

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.

Action-Not Available
Vendor-warehouse_management_system_projectFeMiner
Product-warehouse_management_systemwms
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4276
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
House Rental System POST Request tenant-engine.php unrestricted upload

A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.

Action-Not Available
Vendor-house_rental_system_projectunspecified
Product-house_rental_systemHouse Rental System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-4232
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 10.77%
||
7 Day CHG+0.01%
Published-30 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Event Registration System unrestricted upload

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-rinvizleSourceCodester
Product-event_registration_systemEvent Registration System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.85%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 13:47
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Homey theme <= 2.4.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.

Action-Not Available
Vendor-Favethemes
Product-Homey
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-32555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-21 Jan, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Real Estate plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.

Action-Not Available
Vendor-NotFound
Product-Easy Real Estate
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-28000
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-32.28% / 96.68%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 13:53
Updated-17 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.

Action-Not Available
Vendor-litespeedtechLiteSpeed Technologieslitespeedtech
Product-litespeed_cacheLiteSpeed Cachelitespeed_cache
CWE ID-CWE-266
Incorrect Privilege Assignment
  • Previous
  • 1
  • 2
  • Next
Details not found