Amentotech Workreap

8 CVEs affecting Amentotech Workreap. Latest disclosed: 2025-06-12. Critical: 3, High: 4.

Top CVEs affecting Amentotech Workreap
CVESeverityScorePublishedSummary
CVE-2025-4973Critical9.82025-06-12The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to…
CVE-2024-13446Critical9.82025-03-12The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the pl…
CVE-2021-24499Critical9.82021-08-09The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or valid…
CVE-2025-5012High8.82025-06-12The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file ty…
CVE-2021-24501High8.12021-08-09The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operat…
CVE-2021-24500High8.12021-08-09Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that…
CVE-2022-3846High7.52022-12-05The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or free…
CVE-2022-4239Medium6.52022-12-26The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service…