CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

2022-12-2612:28:20

WPScan

www.cve.org

cve-2022-4239

workreap

wordpress theme

arbitrary posts deletion

idor

security vulnerability

0.001 Low

EPSS

Percentile

23.5%

JSON

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Workreap",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.6.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/1c163987-fb53-43f7-bbff-1c2d8c0d694c

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for CVELIST:CVE-2022-4239