2 matches found
CVE-2022-3846
CVE-2022-3846 affects the Workreap WordPress theme prior to version 2.6.3. The vulnerability arises in the notifications feature, where the notification ID is brute-forcable, allowing an attacker to read any user’s notifications (employer or freelancer). Public details in connected documents show...
CVE-2022-3846 Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable...