Back to search
CVE-2022-4239
Published: Dec 26, 2022
Modified: Apr 14, 2025
PUBLISHED
Description
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Workreap | affected 0 - < 2.6.4 |
References
https://wpscan.com/vulnerability/1c163987-fb53-43f7-bbff-1c2d8c0d694c
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now