CVE-2025-12876 | Projectopia Plugin up to 5.1.19 on WordPress pto_delete_file authorization

December 5, 2025 Yanac

A vulnerability, which was classified as critical, was found in Projectopia Plugin up to 5.1.19 on WordPress. This issue affects the function pto_delete_file. Such manipulation leads to missing authorization.

This vulnerability is listed as CVE-2025-12876. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More

CVE-2025-12130 | WC Vendors Plugin up to 2.6.4 on WordPress delete cross-site request forgery
CVE-2025-12154 | Auto Thumbnailer Plugin up to 1.0 on WordPress uploadThumb unrestricted upload