AmentoTech Workreap Core CVE-2025-69101
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.0.
AnalysisAI
Workreap Core WordPress plugin has an authentication bypass allowing unauthenticated users to access protected functionality through an alternate authentication path.
Technical ContextAI
The Workreap Core plugin by AmentoTech has a CWE-288 authentication bypass using an alternate path that allows unauthenticated attackers to access functionality requiring authentication.
Affected ProductsAI
AmentoTech Workreap Core WordPress plugin
RemediationAI
Update the plugin immediately. Audit marketplace transactions for unauthorized changes.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today