WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

Exploit for Unrestricted Upload of File with Dangerous Type in Amentotech Workreap

CVE-2021-24499 | Workreap - Freelance Marketplace and Director...

CVE-2025-69101

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.1...

CVE-2025-69101

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.1...

CVE-2025-69101 WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.1...

CVE-2025-69101

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.0...

CVE-2025-69101 WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreapcore allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.1...

CVE-2025-69101

CVE-2025-69101 describes an Authentication Bypass in the WordPress plugin Workreap Core (versions up to and including 3.4.0). The issue allows Authentication Abuse via an alternate path or channel, potentially enabling an attacker to impersonate legitimate users and perform account takeover. The ...

WordPress plugin Workreap Core has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4171

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap core allows Authentication Abuse.This issue affects Workreap Core: from n/a through = 3.4.0...

WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by NAWardRox in WordPress Plugin Workreap Core versions = 3.4.1...

CVE-2025-22728

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

CVE-2025-22728

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

CVE-2025-22728 WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

CVE-2025-22728

CVE-2025-22728 is an authenticated SQL injection in the Workreap plugin/theme for WordPress (

CVE-2025-22728 WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin Workreap theme's plugin versions = 3.3.6...

PT-2026-1792

Name of the Vulnerable Software and Affected Versions AmentoTech Workreap theme's plugin versions through 3.3.6 Description The Workreap plugin contains a flaw related to improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This could allow an attack...

WordPress plugin Workreap (theme s plugin) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-59566

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Workreap theme's plugin workreap allows Path Traversal.This issue affects Workreap theme's plugin: from n/a through = 3.3.5...