CVE-2022-4239

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.
Configurations

Configuration 1 (hide)

cpe:2.3:a:amentotech:workreap:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:34

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/1c163987-fb53-43f7-bbff-1c2d8c0d694c - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/1c163987-fb53-43f7-bbff-1c2d8c0d694c - Exploit, Third Party Advisory
Summary
  • (es) El tema Workreap WordPress anterior a 2.6.4 no verifica que un servicio complementario pertenezca al usuario que emite la solicitud, o incluso que sea un servicio complementario, al procesar la acción workreap_addons_service_remove, lo que permite a cualquier usuario eliminar cualquier publicación conociendo o adivinando la identificación.

Information

Published : 2022-12-26 13:15

Updated : 2025-04-14 14:15


NVD link : CVE-2022-4239

Mitre link : CVE-2022-4239

CVE.ORG link : CVE-2022-4239


JSON object : View

Products Affected

amentotech

  • workreap
CWE

No CWE.