CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

9.8CVSS7.7AI score0.60377EPSS

Exploits9References5

NVD•added 2026/01/22 5:16 p.m.•4 views

CVE-2025-69101

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.1...

9.8CVSS0.00547EPSS

Exploits0References1

RedhatCVE•added 2026/01/10 5:41 a.m.•3 views

CVE-2025-22728

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

8.5CVSS5.9AI score0.00321EPSS

Exploits0References1

NVD•added 2026/01/08 10:15 a.m.•3 views

CVE-2025-22728

8.5CVSS0.00321EPSS

Exploits0References1

Positive Technologies•added 2026/01/08 12:0 a.m.•4 views

PT-2026-1792

Name of the Vulnerable Software and Affected Versions AmentoTech Workreap theme's plugin versions through 3.3.6 Description The Workreap plugin contains a flaw related to improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This could allow an attack...

9.8CVSS7AI score0.00321EPSS

Exploits0References3

RedhatCVE•added 2025/12/19 4:23 p.m.•8 views

CVE-2025-64236

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6...

9.8CVSS5.2AI score0.00373EPSS

Exploits0References1

EUVD•added 2025/12/18 6:30 p.m.•4 views

EUVD-2025-204294

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6...

9.8CVSS6.5AI score0.00373EPSS

Exploits0References2

NVD•added 2025/12/18 5:15 p.m.•3 views

CVE-2025-64236

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6...

9.8CVSS0.00373EPSS

Exploits0References1

NVD•added 2025/12/18 5:15 p.m.•3 views

CVE-2025-64235

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6...

6.5CVSS0.00302EPSS

Exploits0References1

Positive Technologies•added 2025/12/18 12:0 a.m.•5 views

PT-2025-52275

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6...

6.5CVSS6.9AI score0.00302EPSS

Exploits0References2

Positive Technologies•added 2025/12/18 12:0 a.m.•2 views

PT-2025-52264

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6...

9.8CVSS7AI score0.00373EPSS

Exploits0References2

RedhatCVE•added 2025/10/24 1:35 p.m.•3 views

CVE-2025-58971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through = 1.6.7...

7.1CVSS6.4AI score0.00228EPSS

Exploits0References1

RedhatCVE•added 2025/10/23 3:13 p.m.•4 views

CVE-2025-59566

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Workreap theme's plugin workreap allows Path Traversal.This issue affects Workreap theme's plugin: from n/a through = 3.3.5...

7.7CVSS6.9AI score0.00394EPSS

Exploits0References1

EUVD•added 2025/10/22 3:31 p.m.•4 views

EUVD-2025-35444

5.9AI score0.00228EPSS

Exploits0References2

EUVD•added 2025/10/22 3:31 p.m.•3 views

EUVD-2025-35435

7.6CVSS6.4AI score0.00394EPSS

Exploits0References2

EUVD•added 2025/10/22 3:31 p.m.•2 views

EUVD-2025-35450

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through = 6.4...

6.4AI score0.00391EPSS

Exploits0References2

NVD•added 2025/10/22 3:15 p.m.•2 views

CVE-2025-59566

7.7CVSS0.00394EPSS

Exploits0References1

NVD•added 2025/10/22 3:15 p.m.•4 views

CVE-2025-58971

7.1CVSS0.00228EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-58959 WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through = 6.4...

7.7CVSS6.5AI score0.00391EPSS

Exploits0References1

Positive Technologies•added 2025/10/22 12:0 a.m.•4 views

PT-2025-43282

Name of the Vulnerable Software and Affected Versions AmentoTech Doctreat versions through 1.6.7 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to injec...

7.1CVSS6AI score0.00228EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by