CVE-2025-5304 – PT Project Notebooks WordPress Privilege Escalation

June 28, 2025

CVE ID : CVE-2025-5304

Published : June 28, 2025, 6:15 a.m. | 4 hours, 14 minutes ago

Description : The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6755 – WordPress Game Users Share Buttons Plugin Remote Code Execution and File Deletion Vulnerability

Next Article Best Free and Open Source Alternatives to Microsoft Minesweeper

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2025-5304 – PT Project Notebooks WordPress Privilege Escalation

⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

CVE-2025-2771 – BEC Technologies Router Authentication Bypass Vulnerability

CVE-2025-5423 – Juzaweb CMS Remote Code Execution Vulnerability

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

CVE-2024-36340 – AMD uProf File Deletion/Disclosure Junction Point Vulnerability

CVE-2025-52822 – Iqonic Design WP Roadmap SQL Injection Vulnerability

CVE-2025-53320 – Wp Enhanced Free Downloads EDD Cross-site Scripting

CSS shape() Commands

WordPress’ new AI website builder helps you quickly create your own site – and it’s free

CVE-2025-5304 – PT Project Notebooks WordPress Privilege Escalation

Related Posts