8.1
CVE-2021-24501
- EPSS 1.25%
- Veröffentlicht 09.08.2021 10:15:07
- Zuletzt bearbeitet 21.11.2024 05:53:11
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWorkreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions
Workreap Theme < 2.2.2 - Authorization Bypass
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site.
Mögliche Gegenmaßnahme
Workreap - Freelance Marketplace and Directory WordPress Theme: Update to version 2.2.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amentotech ≫ Workreap SwPlatformwordpress Version < 2.2.2
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
Workreap - Freelance Marketplace and Directory WordPress Theme
Version
[*, 2.2.2)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.25% | 0.655 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:P
|
CWE-283 Unverified Ownership
The product does not properly verify that a critical resource is owned by the proper entity.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
https://wpscan.com/vulnerability/66e4aaf4-5ef7-4da8-a45c-e24f449c363e
https://www.wordfence.com/threat-intel/vulnerabilities/id/a18963cb-24c7-45b4-987d-5a8789b1ab0a