CVE-2025-5304
Published: 2025-06-28
Priority: P263 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% (43.5th percentile)
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ptoffice | pt_project_notebooks | 1.0.0 – 1.1.3 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 7.8 HIGH
GHSA
GHSA-jjx8-42xr-xg34 · ghsa_unreviewed · 2025-06-28
CVE-2025-5304 [CRITICAL] CWE-862
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Red Hat
CVE-2025-38226 [HIGH] kernel: media: vivid: Change the siize of the composing
vendor_redhat · 2025-07-04 · CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: Change the siize of the composing
syzkaller found a bug:
```
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705
Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304
CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/
```
No detection rules found.
No public exploits indexed.
https://plugins.trac.wordpress.org/browser/project-notebooks/tags/1.1.3/includes/structure/admin/pto_admin_settings.php#L233
https://plugins.trac.wordpress.org/browser/project-notebooks/tags/1.1.3/includes/structure/admin/pto_admin_settings.php#L36
https://wordpress.org/plugins/project-notebooks/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/552ec9fc-5bff-4bee-be04-39892c89cd59?source=cve
Published: 2025-06-28