Several AJAX actions available in the Workreap WordPress theme prior to 2.2.2 lacked CSRF protections and also allowed insecure direct object references that were not validated. This allows a malicious user to trick a logged-in user into submitting a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site.
Vulnerable Product |
---|
amentotech workreap |
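
The two gaps named in the description, a missing CSRF check and an unvalidated object reference, shown as a WordPress AJAX handler before and after hardening. This is an added example, not code from Workreap or its patch; the action name `example_delete_item`, the nonce field `security`, the `id` parameter and the post type `example_item` are hypothetical.

```php
<?php
// Added illustration for a WordPress theme or plugin. The action name, nonce
// field, request parameter and post type are hypothetical, not from Workreap.

// BEFORE: the pattern the advisory describes. No nonce is verified, so the
// POST can originate cross-site, and the object id from the request is used
// without checking that the caller is allowed to act on that object.
function example_delete_item_unsafe() {
    $post_id = (int) $_POST['id'];
    wp_delete_post( $post_id, true );
    wp_send_json_success();
}

// AFTER: verify the request origin, then authorize the caller on the object.
function example_delete_item() {
    // 1. CSRF: reject requests that lack a valid nonce for this action.
    if ( ! check_ajax_referer( 'example_delete_item', 'security', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid request token.' ), 403 );
    }

    // 2. Input: accept only a positive integer id of an existing post of the
    //    type this action is meant to manage.
    $post_id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;
    if ( ! $post || 'example_item' !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'Object not found.' ), 404 );
    }

    // 3. IDOR: the caller must own the object or hold the delete capability.
    $is_owner = (int) $post->post_author === get_current_user_id();
    if ( ! $is_owner && ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    if ( ! wp_delete_post( $post_id, true ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $post_id ) );
}

// Register only the hardened handler, and only for logged-in users
// (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_example_delete_item', 'example_delete_item' );
```

The page that renders the form has to emit a matching token with `wp_create_nonce( 'example_delete_item' )` and send it in the `security` field.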