Unrated severityNVD Advisory· Published Aug 9, 2021· Updated Aug 3, 2024
Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions
CVE-2021-24501
Description
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/mitrex_refsource_MISC
- wpscan.com/vulnerability/66e4aaf4-5ef7-4da8-a45c-e24f449c363emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.