CVE-2021-24501

🗓️ 09 Aug 2021 10:04:09Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress 访问控制错误漏洞	9 Aug 202100:00	–	cnnvd
CNVD	WordPress Workreap theme Access Control Error Vulnerability	10 Aug 202100:00	–	cnvd
Cvelist	CVE-2021-24501 Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions	9 Aug 202110:04	–	cvelist
EUVD	EUVD-2021-11413	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24501	9 Aug 202110:15	–	nvd
OSV	CVE-2021-24501	9 Aug 202110:15	–	osv
Patchstack	WordPress Workreap premium theme <= 2.2.1 - Missing authorization checks in AJAX actions vulnerability	2 Jul 202100:00	–	patchstack
Prion	Authorization	9 Aug 202110:15	–	prion
RedhatCVE	CVE-2021-24501	22 May 202518:24	–	redhatcve
wpexploit	Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions	2 Jul 202100:00	–	wpexploit

NVD

Vulners

Node

amentotech workreapRange<2.2.2wordpress

[
  {
    "product": "Workreap",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.2.2",
        "status": "affected",
        "version": "2.2.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/66e4aaf4-5ef7-4da8-a45c-e24f449c363e
jetpack	www.jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/

Parameter	Position	Path	Description	CWE
action	request body	wp-admin/admin-ajax.php	Missing authorization checks in Workreap AJAX action portfolio_remove allowing a logged-in user to delete another user's portfolio.	CWE-862, CWE-283
id	request body	wp-admin/admin-ajax.php	Missing authorization checks in Workreap AJAX action portfolio_remove allowing a logged-in user to delete another user's portfolio.	CWE-862, CWE-283

17 Jun 2026 03:40Current

7.9High risk

Vulners AI Score7.9

CVSS 25.5

CVSS 3.18.1

EPSS0.01251