How to fix EUVD-2025-18160?

Within 24 hours: Identify all instances of Workreap theme in your environment and document current versions. Within 7 days: Implement network-level controls to restrict file upload functionality and monitor upload directories for suspicious activity. Within 30 days: Contact Workreap vendor for patch availability and schedule immediate patching upon release; if unavailable, plan migration to alternative marketplace solutions or disable the vulnerable upload function entirely.

Is Workreap affected by EUVD-2025-18160?

Organizations running Workreap WordPress theme versions up to 3.3.2 face a critical remote code execution risk, as authenticated users can upload malicious files to the server without validation.

EUVD-2025-18160

| CVE-2025-5012 HIGH

2025-06-12 [email protected]

WordPress RCE Workreap PHP

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:20 euvd

EUVD-2025-18160

Analysis Generated

Mar 14, 2026 - 21:20 vuln.today

CVE Published

Jun 12, 2025 - 06:15 nvd

HIGH 8.8

DescriptionNVD

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

AnalysisAI

A file upload vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-434 (Unrestricted File Upload). CVSS 8.8 indicates high severity. Affects all.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-18160 vulnerability details – vuln.today

Back

EUVD-2025-18160

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code