8.1
CVE-2021-24501
- EPSS 0.29%
- Veröffentlicht 09.08.2021 10:15:07
- Zuletzt bearbeitet 21.11.2024 05:53:11
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWorkreap Theme < 2.2.2 - Authorization Bypass
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site.
Mögliche Gegenmaßnahme
Workreap - Freelance Marketplace and Directory WordPress Theme: Update to version 2.2.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
Workreap - Freelance Marketplace and Directory WordPress Theme
Version
[*, 2.2.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amentotech ≫ Workreap SwPlatformwordpress Version < 2.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.497 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:P
|
CWE-283 Unverified Ownership
The product does not properly verify that a critical resource is owned by the proper entity.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.