CVE-2022-4239
CVSS Base Score: 6.5
Exploit

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

Workreap <= 2.6.3 - Insecure Direct Object Reference

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.
Possible mitigation
Workreap - Freelance Marketplace and Directory WordPress Theme: update to version 2.6.4 or a newer patched version.

Data provided by the National Vulnerability Database (NVD)

Affected configuration
Vendor: Amentotech
Product: Workreap
Software platform: wordpress
Version: < 2.6.4

Further vulnerability information
System:  WordPress Theme
Product: Workreap - Freelance Marketplace and Directory WordPress Theme
Version: * - 2.6.3

No advisory was found for this CVE.
EPSS metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  0.59%   0.437
CVSS metrics
Source                                Base Score  Exploitability Score  Impact Score  Vector String
nvd@nist.gov                          6.5         2.8                   3.6           CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0  6.5         2.8                   3.6           CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
No CWE information has been published for this CVE yet.

References
https://wpscan.com/vulnerability/1c163987-fb53-43f7-bbff-1c2d8c0d694c (Third Party Advisory, Exploit)
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ee90c4-e9ab-426e-8b92-217de43bd2e4 (Third Party Advisory)