CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low (Percentile: 23.4%)

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service at all, when processing the workreap_addons_service_remove action. This allows any user to delete any post by knowing or guessing its ID.

Vendor | Product | Version | CPE |
---|---|---|---|
amentotech | workreap | * | cpe:2.3:a:amentotech:workreap:*:*:*:*:*:*:*:* |

[
  {
    "vendor": "Unknown",
    "product": "Workreap",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.6.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]