Amentotech Workreap
8 CVEs affecting Amentotech Workreap. Latest disclosed: 2025-06-12. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-4973 | Critical | 9.8 | 2025-06-12 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to… |
CVE-2024-13446 | Critical | 9.8 | 2025-03-12 | The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the pl… |
CVE-2021-24499 | Critical | 9.8 | 2021-08-09 | The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or valid… |
CVE-2025-5012 | High | 8.8 | 2025-06-12 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file ty… |
CVE-2021-24501 | High | 8.1 | 2021-08-09 | The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operat… |
CVE-2021-24500 | High | 8.1 | 2021-08-09 | Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that… |
CVE-2022-3846 | High | 7.5 | 2022-12-05 | The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or free… |
CVE-2022-4239 | Medium | 6.5 | 2022-12-26 | The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service… |