CVE-2025-4973

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...

CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...

Design/Logic Flaw

Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a...

CVE-2021-43791

Zulip 4.x vulnerability (CVE-2021-43791): Expired invitation confirmation keys were not properly validated in the new account registration flow. The check_prereg_key_and_redirect step validated the key, but /accounts/register/ did not, allowing registration with an expired key. Impact: potential ...

Zulip 代码问题漏洞

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations, Zulip suffers from a code issue vulnerability that stems from improper design or implementation during the code...