Vulmon
amentotech workreap vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-4239
The Workreap WordPress theme prior to 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing...
Amentotech Workreap
8.1
CVSSv3
CVE-2021-24501
The Workreap WordPress theme prior to 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to othe...
Amentotech Workreap
8.1
CVSSv3
CVE-2021-24500
Several AJAX actions available in the Workreap WordPress theme prior to 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows a malicious user to trick a logged-in user into submitting a POST request to the vulnerable...
Amentotech Workreap
7.5
CVSSv3
CVE-2022-3846
The Workreap WordPress theme prior to 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
Amentotech Workreap
9.8
CVSSv3
CVE-2021-24499
The Workreap WordPress theme prior to 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the ...
Amentotech Workreap
3 Github repositories