Medium severity6.5NVD Advisory· Published Dec 26, 2022· Updated Jun 17, 2026
CVE-2022-4239
CVE-2022-4239
Description
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.6.4+ 1 more
- (no CPE)range: <2.6.4
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/1c163987-fb53-43f7-bbff-1c2d8c0d694cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.