Skip to main content

Workreap

8 CVEs product

Monthly

CVE-2025-5012 HIGH This Week

A file upload vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.

WordPress RCE Workreap PHP
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-4973 CRITICAL Act Now

A authentication bypass vulnerability in all (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

WordPress Authentication Bypass PHP Workreap
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-13446 CRITICAL Act Now

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Workreap
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-4239 MEDIUM POC This Month

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3846 HIGH POC This Week

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-24501 HIGH POC This Week

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Workreap
NVD WPScan
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-24500 HIGH POC This Week

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Workreap
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-24499 CRITICAL POC THREAT Act Now

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Workreap
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
60.1%
EPSS 1% CVSS 8.8
HIGH This Week

A file upload vulnerability in all (CVSS 8.8). High severity vulnerability requiring prompt remediation.

WordPress RCE Workreap +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A authentication bypass vulnerability in all (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

WordPress Authentication Bypass PHP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Workreap
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
EPSS 1% CVSS 7.5
HIGH POC This Week

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
EPSS 1% CVSS 8.1
HIGH POC This Week

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Workreap
NVD WPScan
EPSS 1% CVSS 8.1
HIGH POC This Week

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Workreap
NVD WPScan
EPSS 60% CVSS 9.8
CRITICAL POC THREAT Act Now

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy