Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Network CSRF with no attacker privileges but mandatory victim interaction (UI:R); auth bypass yields high confidentiality and integrity impact, but availability impact is not demonstrated (A:N).
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through <= 1.7.08.
AnalysisAI
Authentication bypass in the WorkScout Core WordPress plugin (versions up to and including 1.7.08) can be triggered through a Cross-Site Request Forgery flaw, letting an off-site attacker perform privileged authentication-related actions in the context of a logged-in victim who visits a malicious page. The issue was reported by Patchstack and carries a CVSS 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the vulnerable action to lack CSRF nonce validation (CWE-352) and, per UI:R in the CVSS vector, requires an authenticated victim to be tricked into visiting or interacting with an attacker-controlled page while holding a valid WorkScout/WordPress session. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) drives the 8.8 score: network-reachable, low complexity, no attacker privileges, but requiring user interaction, with high impact to confidentiality, integrity and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a web page containing a hidden auto-submitting form or request targeting the vulnerable WorkScout Core authentication action and lures a logged-in WordPress user or administrator to visit it (e.g., via a phishing link). Because the endpoint does not validate a CSRF nonce, the victim's browser silently submits the forged request with their valid session cookies, causing the authentication bypass in their context. … |
| Remediation | No vendor-released patch identified at time of analysis - the advisory only marks all builds through 1.7.08 as vulnerable and does not cite a fixed version, so administrators should monitor the WorkScout/purethemes changelog and the Patchstack entry (https://patchstack.com/database/Wordpress/Plugin/workscout-core/vulnerability/wordpress-workscout-core-plugin-1-7-08-cross-site-request-forgery-csrf-to-broken-authentication-vulnerability) and upgrade to the first release above 1.7.08 as soon as it ships. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit all WordPress installations to identify systems running WorkScout Core plugin versions up to 1.7.08 and document deployment scope and criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Workscout Core
View allThe Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent vi
Unauthenticated arbitrary file deletion in the WorkScout-Core WordPress plugin (versions <= 1.7.11) allows any remote at
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43402