Unrated severityNVD Advisory· Published Dec 5, 2022· Updated Apr 23, 2025
Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR
CVE-2022-3846
Description
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/6220c7ef-69a6-49c4-9c56-156b945446afmitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.