Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
5DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6.
AnalysisAI
Workreap WordPress plugin (through 3.3.6) has SQL injection enabling unauthenticated database extraction. A freelance marketplace plugin likely containing user PII and financial data.
Technical ContextAI
The plugin's database queries use unparameterized user input (CWE-89). As a freelance marketplace plugin, the database contains user profiles, billing information, project details, and communication logs.
Affected ProductsAI
Workreap WordPress plugin through 3.3.6
RemediationAI
Update the plugin. Audit for data exfiltration.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today