Skip to main content

AmentoTech Workreap Core CVE-2025-69101

CRITICAL
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-01-22 audit@patchstack.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 22, 2026 - 17:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.0.

AnalysisAI

Workreap Core WordPress plugin has an authentication bypass allowing unauthenticated users to access protected functionality through an alternate authentication path.

Technical ContextAI

The Workreap Core plugin by AmentoTech has a CWE-288 authentication bypass using an alternate path that allows unauthenticated attackers to access functionality requiring authentication.

Affected ProductsAI

AmentoTech Workreap Core WordPress plugin

RemediationAI

Update the plugin immediately. Audit marketplace transactions for unauthorized changes.

Share

CVE-2025-69101 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy