Lucene search
+L

114 matches found

WPVulnDB
WPVulnDB
added 2022/11/12 12:0 a.m.15 views

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable. PoC POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: Content-Type: application/x-www-form-urlencoded;...

7.5CVSS1AI score0.00783EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/11/12 12:0 a.m.104 views

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable. POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: Content-Type: application/x-www-form-urlencoded;...

7.5CVSS1.2AI score0.00783EPSS
Exploits2
VulnCheck KEV
VulnCheck KEV
added 2021/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the...

9.8CVSS7.4AI score0.60113EPSS
Exploits9References1
Check Point Advisories
Check Point Advisories
added 2021/11/28 12:0 a.m.86 views

WordPress Workreap Theme Remote Code Execution (CVE-2021-24499)

A remote code execution vulnerability exists in WordPress Workreap theme. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS9.5AI score0.60113EPSS
Exploits9
GithubExploit
GithubExploit
added 2021/09/12 12:43 p.m.30 views

Exploit for Unrestricted Upload of File with Dangerous Type in Amentotech Workreap

CVE-2021-24499 Mass exploitation of CVE-2021-24499 unauthentic...

9.8CVSS8.6AI score0.60113EPSS
Exploits9
CNVD
CNVD
added 2021/08/10 12:0 a.m.35 views

WordPress Workreap theme Access Control Error Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Workreap theme versions prior to 2.2.2, which stems...

8.1CVSS8AI score0.01251EPSS
Exploits2References1
NVD
NVD
added 2021/08/09 10:15 a.m.14 views

CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

9.8CVSS0.60113EPSS
Exploits9References3
OSV
OSV
added 2021/08/09 10:15 a.m.7 views

CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

9.8CVSS5.9AI score0.60113EPSS
Exploits9References3
NVD
NVD
added 2021/08/09 10:15 a.m.38 views

CVE-2021-24500

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

8.1CVSS0.00646EPSS
Exploits2References2
OSV
OSV
added 2021/08/09 10:15 a.m.7 views

CVE-2021-24501

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...

8.1CVSS5.8AI score0.01251EPSS
Exploits2References2
NVD
NVD
added 2021/08/09 10:15 a.m.23 views

CVE-2021-24501

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...

8.1CVSS0.01251EPSS
Exploits2References2
OSV
OSV
added 2021/08/09 10:15 a.m.5 views

CVE-2021-24500

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

8.1CVSS7.4AI score0.00646EPSS
Exploits2References2
Prion
Prion
added 2021/08/09 10:15 a.m.21 views

Design/Logic Flaw

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

7.5CVSS9.6AI score0.60113EPSS
Exploits9References3Affected Software1
Prion
Prion
added 2021/08/09 10:15 a.m.15 views

Authorization

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...

5.5CVSS7.8AI score0.01251EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/08/09 10:4 a.m.31 views

CVE-2021-24501 Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...

8.1AI score0.01251EPSS
Exploits2References2
CVE
CVE
added 2021/08/09 10:4 a.m.49 views

CVE-2021-24501

Summary of the CVE-2021-24501 (Workreap theme ≤ 2.2.2) : The WordPress Workreap theme versions prior to 2.2.2 expose missing authorization checks in several AJAX actions, enabling an authenticated (logged-in) user to modify or delete objects owned by other users. The issue arises in AJAX handlers...

8.1CVSS7.9AI score0.01251EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/08/09 10:4 a.m.35 views

CVE-2021-24500 Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

8.3AI score0.00646EPSS
Exploits2References2
CVE
CVE
added 2021/08/09 10:4 a.m.52 views

CVE-2021-24500

CVE-2021-24500 affects the WordPress Workreap theme prior to 2.2.2. The vulnerability arises from several AJAX actions lacking CSRF protections and insecure direct object references (IDOR), enabling a logged-in attacker to submit POST requests that could modify or delete arbitrary objects on the ...

8.1CVSS8.1AI score0.00646EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.17 views

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in WordPress theme Workreap that stems from...

9.8CVSS8.3AI score0.60113EPSS
Exploits9References6
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.6 views

WordPress 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Workreap theme versions prior to 2.2.2, which stems...

8.1CVSS5.7AI score0.01251EPSS
Exploits2References2
Rows per page
Query Builder