WP-Safety

PT Project Notebooks Security & Risk Analysis

wordpress.org/plugins/project-notebooks

WordPress event & project management: meeting minutes, track tasks, create budgets, and publish project notebooks to the front-end.

30 active installs v1.2.0 PHP 8.0+ WP 6.0+ Updated Sep 26, 2025
event-plannerkanbannotebookproject-managementtasks
95
A · Safe
CVEs total1
Unpatched0
Last CVEJun 27, 2025
Plugin page Download
Safety Verdict

Is PT Project Notebooks Safe to Use in 2026?

Generally Safe

Score 95/100

PT Project Notebooks has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 27, 2025Updated 7mo ago
Risk Assessment

The "project-notebooks" v1.2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of dangerous functions and external HTTP requests are also strengths. However, a significant concern lies in its attack surface. With 70 AJAX handlers, 10 of which lack proper authentication checks, there's a substantial opportunity for unauthorized actions to be performed by unauthenticated users. The presence of a past critical vulnerability, specifically a "Missing Authorization" type, in its history is a red flag, even though it's currently patched. This historical pattern, combined with the current lack of authentication on a portion of its AJAX endpoints, suggests a recurring or potential area of weakness that requires careful monitoring.

While the taint analysis shows no flows, indicating no immediate exploitable data leakage or injection vulnerabilities detected in the analyzed code paths, the identified unprotected AJAX handlers remain a direct and actionable security risk. The plugin's reliance on DataTables as a bundled library, while common, also warrants attention for potential version-specific vulnerabilities, although no specific issues are highlighted in this report. Overall, the plugin has made strides in secure coding but has a critical area of concern regarding authentication on its AJAX endpoints that must be addressed to significantly improve its security.

Key Concerns

  • Unprotected AJAX handlers
  • Past critical vulnerability (Missing Authorization)
Vulnerabilities
1 published

PT Project Notebooks Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1

1 total CVE

CVE-2025-5304critical · 9.8Missing Authorization

PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function

Jun 27, 2025 Patched in 1.2.0 (159d)
Version History

PT Project Notebooks Release Timeline

v1.2.0Current
v1.1.31 CVE
CVE-2025-5304
v1.1.21 CVE
CVE-2025-5304
v1.1.11 CVE
CVE-2025-5304
v1.1.01 CVE
CVE-2025-5304
v1.0.91 CVE
CVE-2025-5304
v1.0.81 CVE
CVE-2025-5304
v1.0.71 CVE
CVE-2025-5304
v1.0.61 CVE
CVE-2025-5304
v1.0.51 CVE
CVE-2025-5304
v1.0.41 CVE
CVE-2025-5304
v1.0.31 CVE
CVE-2025-5304
v1.0.21 CVE
CVE-2025-5304
v1.0.11 CVE
CVE-2025-5304
v1.0.01 CVE
CVE-2025-5304
Code Analysis
Analyzed Mar 16, 2026

PT Project Notebooks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
33
746 escaped
Nonce Checks
34
Capability Checks
37
File Operations
4
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

96% escaped779 total outputs
Attack Surface
10 unprotected

PT Project Notebooks Attack Surface

Entry Points71
Unprotected10

AJAX Handlers 70

noprivwp_ajax_wpnb_pto_cpt_filter_actionincludes\class-ptoffice.php:39
authwp_ajax_wpnb_pto_cpt_filter_actionincludes\class-ptoffice.php:40
noprivwp_ajax_wpnb_pto_get_mettingpost_contentincludes\class-ptoffice.php:42
authwp_ajax_wpnb_pto_get_mettingpost_contentincludes\class-ptoffice.php:43
noprivwp_ajax_wpnb_pto_get_notepost_contentincludes\class-ptoffice.php:45
authwp_ajax_wpnb_pto_get_notepost_contentincludes\class-ptoffice.php:46
noprivwp_ajax_pto_notebook_meeting_notes_sortingincludes\class-ptoffice.php:54
authwp_ajax_pto_notebook_meeting_notes_sortingincludes\class-ptoffice.php:55
noprivwp_ajax_wpnb_pto_get_users_data_in_mettingincludes\cpt-hooksdetails.php:34
authwp_ajax_wpnb_pto_get_users_data_in_mettingincludes\cpt-hooksdetails.php:35
noprivwp_ajax_wpnb_pto_get_users_data_in_adminincludes\cpt-hooksdetails.php:37
authwp_ajax_wpnb_pto_get_users_data_in_adminincludes\cpt-hooksdetails.php:38
noprivwp_ajax_wpnb_pto_single_user_delete_in_mettingincludes\cpt-hooksdetails.php:40
authwp_ajax_wpnb_pto_single_user_delete_in_mettingincludes\cpt-hooksdetails.php:41
noprivwp_ajax_wpnb_pto_trash_cptincludes\cpt-hooksdetails.php:43
authwp_ajax_wpnb_pto_trash_cptincludes\cpt-hooksdetails.php:44
noprivwp_ajax_wpnb_pto_single_post_task_statusincludes\cpt-hooksdetails.php:46
authwp_ajax_wpnb_pto_single_post_task_statusincludes\cpt-hooksdetails.php:47
noprivwp_ajax_wpnb_pto_drag_single_post_task_statusincludes\cpt-hooksdetails.php:49
authwp_ajax_wpnb_pto_drag_single_post_task_statusincludes\cpt-hooksdetails.php:50
noprivwp_ajax_wpnb_pto_budget_add_valueincludes\cpt-hooksdetails.php:52
authwp_ajax_wpnb_pto_budget_add_valueincludes\cpt-hooksdetails.php:53
noprivwp_ajax_wpnb_render_meta_box_content_mettingincludes\cpt-project.php:24
authwp_ajax_wpnb_render_meta_box_content_mettingincludes\cpt-project.php:25
noprivwp_ajax_wpnb_render_meta_box_content_notesincludes\cpt-project.php:26
authwp_ajax_wpnb_render_meta_box_content_notesincludes\cpt-project.php:27
noprivwp_ajax_wpnb_render_meta_box_content_tasksincludes\cpt-project.php:28
authwp_ajax_wpnb_render_meta_box_content_tasksincludes\cpt-project.php:29
noprivwp_ajax_wpnb_render_meta_box_content_budgetsincludes\cpt-project.php:30
authwp_ajax_wpnb_render_meta_box_content_budgetsincludes\cpt-project.php:31
noprivwp_ajax_wpnb_get_all_pm_usersincludes\cpt-project.php:32
authwp_ajax_wpnb_get_all_pm_usersincludes\cpt-project.php:33
noprivwp_ajax_wpnb_get_all_project_managerincludes\cpt-project.php:34
authwp_ajax_wpnb_get_all_project_managerincludes\cpt-project.php:35
noprivwp_ajax_wpnb_delete_pmuser_from_postincludes\cpt-project.php:36
authwp_ajax_wpnb_delete_pmuser_from_postincludes\cpt-project.php:37
noprivwp_ajax_wpnb_get_all_pto_request_projectsincludes\cpt-project.php:38
authwp_ajax_wpnb_get_all_pto_request_projectsincludes\cpt-project.php:39
noprivwp_ajax_wpnb_get_pto_request_projects_acceptincludes\cpt-project.php:40
authwp_ajax_wpnb_get_pto_request_projects_acceptincludes\cpt-project.php:41
noprivwp_ajax_wpnb_get_pto_request_projects_declineincludes\cpt-project.php:42
authwp_ajax_wpnb_get_pto_request_projects_declineincludes\cpt-project.php:43
noprivwp_ajax_wpnb_task_kanban_viewincludes\cpt-project.php:45
authwp_ajax_wpnb_task_kanban_viewincludes\cpt-project.php:46
noprivwp_ajax_wpnb_task_kanban_view_statusincludes\cpt-project.php:47
authwp_ajax_wpnb_task_kanban_view_statusincludes\cpt-project.php:48
noprivwp_ajax_wpnb_task_kanban_view_status_deleteincludes\cpt-project.php:49
authwp_ajax_wpnb_task_kanban_view_status_deleteincludes\cpt-project.php:50
noprivwp_ajax_wpnb_cpt_project_attechmentincludes\cpt-project.php:53
authwp_ajax_wpnb_cpt_project_attechmentincludes\cpt-project.php:54
noprivwp_ajax_wpnb_pto_restore_cpt_projectincludes\cpt-project.php:55
authwp_ajax_wpnb_pto_restore_cpt_projectincludes\cpt-project.php:56
noprivwp_ajax_wpnb_update_task_show_dataincludes\cpt-project.php:58
authwp_ajax_wpnb_update_task_show_dataincludes\cpt-project.php:59
noprivwp_ajax_wpnb_pto_users_deletdincludes\structure\admin\pto_admin_settings.php:21
authwp_ajax_wpnb_pto_users_deletdincludes\structure\admin\pto_admin_settings.php:22
noprivwp_ajax_wpnb_pto_new_users_addincludes\structure\admin\pto_admin_settings.php:24
authwp_ajax_wpnb_pto_new_users_addincludes\structure\admin\pto_admin_settings.php:25
noprivwp_ajax_wpnb_pto_new_users_add_getincludes\structure\admin\pto_admin_settings.php:27
authwp_ajax_wpnb_pto_new_users_add_getincludes\structure\admin\pto_admin_settings.php:28
noprivwp_ajax_wpnb_pto_resend_invitationincludes\structure\admin\pto_admin_settings.php:30
authwp_ajax_wpnb_pto_resend_invitationincludes\structure\admin\pto_admin_settings.php:31
noprivwp_ajax_wpnb_pto_new_email_system_saveincludes\structure\admin\pto_admin_settings.php:33
authwp_ajax_wpnb_pto_new_email_system_saveincludes\structure\admin\pto_admin_settings.php:34
noprivwp_ajax_wpnb_get_all_pto_projectsincludes\structure\frontend\pto_frontend.php:29
authwp_ajax_wpnb_get_all_pto_projectsincludes\structure\frontend\pto_frontend.php:30
noprivwp_ajax_wpnb_get_metting_filterincludes\structure\frontend\pto_frontend.php:32
authwp_ajax_wpnb_get_metting_filterincludes\structure\frontend\pto_frontend.php:33
noprivwp_ajax_wpnb_get_notes_filterincludes\structure\frontend\pto_frontend.php:35
authwp_ajax_wpnb_get_notes_filterincludes\structure\frontend\pto_frontend.php:36

Shortcodes 1

[project-all-listing] includes\structure\frontend\pto_frontend.php:28
WordPress Hooks 60
filterpost_row_actionsincludes\class-archivecpt.php:38
actionadmin_action_wpnb_pto_archive_projectincludes\class-archivecpt.php:39
actioninitincludes\class-archivecpt.php:42
actionadmin_footer-edit.phpincludes\class-archivecpt.php:45
actionpost_submitbox_misc_actionsincludes\class-archivecpt.php:46
filterdisplay_post_statesincludes\class-archivecpt.php:47
filteruse_block_editor_for_post_typeincludes\class-cptcreate.php:29
actioninitincludes\class-cptcreate.php:32
actioninitincludes\class-cptcreate.php:33
actioninitincludes\class-cptcreate.php:34
actioninitincludes\class-cptcreate.php:35
actioninitincludes\class-cptcreate.php:36
actioninitincludes\class-cptcreate.php:37
actionadd_meta_boxesincludes\class-cptcreate.php:40
actionadd_meta_boxesincludes\class-cptcreate.php:41
actionadd_meta_boxesincludes\class-cptcreate.php:42
actionadd_meta_boxesincludes\class-cptcreate.php:43
actionadd_meta_boxesincludes\class-cptcreate.php:44
actionadd_meta_boxesincludes\class-cptcreate.php:45
actionsave_postincludes\class-cptcreate.php:48
actionadmin_initincludes\class-cptduplicate.php:26
actionadmin_action_wpnb_rd_duplicate_post_as_draft_projectincludes\class-cptduplicate.php:29
actionadmin_noticesincludes\class-cptduplicate.php:30
filterpost_row_actionsincludes\class-cptduplicate.php:55
filterpage_row_actionsincludes\class-cptduplicate.php:56
actioninitincludes\class-project-setting.php:30
actioninitincludes\class-project-setting.php:31
actionadmin_enqueue_scriptsincludes\class-ptoffice.php:32
actionwp_enqueue_scriptsincludes\class-ptoffice.php:33
actionadmin_initincludes\class-ptoffice.php:35
actionadmin_initincludes\class-ptoffice.php:36
actionwp_headincludes\class-ptoffice.php:48
actionload-edit.phpincludes\class-ptoffice.php:49
filterplugin_action_linksincludes\class-ptoffice.php:51
actionsave_post_pto-meetingincludes\cpt-hooksdetails.php:26
actionsave_post_pto-projectincludes\cpt-hooksdetails.php:27
actionsave_post_pto-noteincludes\cpt-hooksdetails.php:28
actionsave_post_pto-tasksincludes\cpt-hooksdetails.php:29
actionsave_post_pto-kanbanincludes\cpt-hooksdetails.php:30
actionsave_post_pto-budget-itemsincludes\cpt-hooksdetails.php:31
actionadmin_menuincludes\cpt-hooksdetails.php:55
filtertemplate_includeincludes\cpt-hooksdetails.php:57
actionadd_meta_boxesincludes\cpt-project.php:19
actioninitincludes\cpt-project.php:20
actioninitincludes\cpt-project.php:21
actionadmin_menuincludes\cpt-project.php:22
actionwp_loadedincludes\cpt-project.php:23
actionadd_meta_boxesincludes\cpt-project.php:44
actionadmin_footerincludes\cpt-project.php:51
actionadd_meta_boxesincludes\cpt-project.php:52
actiondo_meta_boxesincludes\cpt-project.php:57
filteradmin_body_classincludes\cpt-project.php:60
actioninitincludes\cpt-project.php:61
actionwp_loadedincludes\cpt-project.php:62
actionadmin_post_download_project_docincludes\cpt-project.php:63
actionisa_add_every_three_minutes_eventincludes\pto-projectplanner-cron-plugin.php:11
filtercron_schedulesincludes\pto-projectplanner-cron-plugin.php:12
filtermce_external_pluginsincludes\structure\admin\pto_admin_settings.php:36
filtermce_buttonsincludes\structure\admin\pto_admin_settings.php:37
actionadmin_initincludes\structure\admin\pto_admin_settings.php:39

Scheduled Events 1

isa_add_every_three_minutes_event
Maintenance & Trust

PT Project Notebooks Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 26, 2025
PHP min version8.0
Downloads3K

Community Trust

Rating100/100
Number of ratings3
Active installs30
Alternatives

PT Project Notebooks Alternatives

TaskPress

TaskPress

taskpress

A
100

Trello-style Kanban boards for WordPress. Manage projects with drag-and-drop cards, lists, and team collaboration. BETA VERSION.

0 No CVEs
FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration

FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration

fluent-boards

A
92

The Simplest Project & Task Management Plugin Specifically Crafted for Agencies, Freelancers & Founders.

6K 3 CVEs
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker

Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker

wedevs-project-manager

A
88

Ease Project Management and Task Management using a powerful project manager with Kanban board, Gantt chart, milestone tracking & project reporting.

6K 21 CVEs
LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

lazytasks-project-task-management

C
60

Comprehensive Task Management, FREE! Minimalist design with powerful features to boost your productivity.

70 1 unpatched
GemBoards – Project Management, Task Management, Sprint Planning, Team Collaboration, and Kanban board Plugin

GemBoards – Project Management, Task Management, Sprint Planning, Team Collaboration, and Kanban board Plugin

gemboards

A
100

GemBoards is a project and task management plugin that helps teams manage projects, Kanban boards, and sprint workflows from one place.

10 No CVEs
Developer Profile

PT Project Notebooks Developer Profile

Brent

1 plugin · 30 total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
159 days
View full developer profile
Detection Fingerprints

How We Detect PT Project Notebooks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/project-notebooks/assets/css/pto-style.css/wp-content/plugins/project-notebooks/assets/css/pto-frontend.css/wp-content/plugins/project-notebooks/assets/js/pto-script.js/wp-content/plugins/project-notebooks/assets/js/pto-frontend.js
Script Paths
/wp-content/plugins/project-notebooks/assets/js/pto-script.js/wp-content/plugins/project-notebooks/assets/js/pto-frontend.js
Version Parameters
project-notebooks/assets/css/pto-style.css?ver=project-notebooks/assets/css/pto-frontend.css?ver=project-notebooks/assets/js/pto-script.js?ver=project-notebooks/assets/js/pto-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
pto-add-notespto-new-project-formpto-notes-tablepto-meeting-notes-rowpto-project-formpto-project-notes-contentpto-notebook-contentpto-project-list+1 more
HTML Comments
<!-- This is the main file for the project notebooks plugin --><!-- script enq --><!-- role add --><!-- project inside cpt filter -->+1 more
Data Attributes
data-project-iddata-post-iddata-note-id
JS Globals
pto_ajax_objectpto_frontend_ajax_object
REST Endpoints
/wp-json/ptoffice/v1/get_projects/wp-json/ptoffice/v1/save_project/wp-json/ptoffice/v1/delete_project/wp-json/ptoffice/v1/get_notes/wp-json/ptoffice/v1/save_note/wp-json/ptoffice/v1/delete_note
Shortcode Output
<div class="pto-notebook-content"><div class="pto-project-list"><div class="pto-project-item"><div class="pto-project-notes-content">
FAQ

Frequently Asked Questions about PT Project Notebooks