2 matches found
CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...
CVE-2022-4239
The vulnerability CVE-2022-4239 affects the Workreap WordPress theme prior to 2.6.4. It arises from the addon service removal path (workreap_addons_service_remove) not verifying ownership or the existence of an addon service, enabling an authenticated user to delete arbitrary posts by guessing th...