3 matches found
WordPress Workreap plugin <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media' vulnerability
Authenticated Subscriber+ Arbitrary File Upload via 'workreaptempuploadtomedia' vulnerability discovered by Foxyyy in WordPress Plugin Workreap theme's plugin versions = 3.3.2...
CVE-2025-5012
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreaptempuploadtomedia' function in all versions up to, and including, 3.3.2. This makes it possible for...
CVE-2025-5012 Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreaptempuploadtomedia' function in all versions up to, and including, 3.3.2. This makes it possible for...