The Workreap WordPress theme prior to 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
amentotech workreap |