CRITICAL🇵🇱 Wersja polska

CVE-2024-13446

CVSS 9.8v3.1pub. 2025-03-12upd. 2025-04-02

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5.

🤖 AI Analysis
How it works

The plugin does not properly validate user identity before performing two operations: automatic login via social account (social auto-login) and profile data updates, including password changes. An attacker who knows the victim's email address can log into their account without providing a password by using the social auto-login mechanism. Alternatively, an attacker can change the password of any user — including an administrator — without authentication, and then gain full access to the account.

Impact

An unauthenticated attacker can take control of any WordPress user account, including administrator accounts, resulting in complete compromise of the website's confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to the references. Version 3.2.5 contains only a partial fix — it is recommended to monitor updates released by Amentotech and apply the fully patched version as soon as it becomes available.

Who is affected

Workreap plugin for WordPress in all versions up to and including 3.2.5. Note: in version 3.2.5, the vulnerability has been fixed only partially.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Amentotech Workreap

    APP
    Amentotech
    < 3.2.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassLPE
CWE
References

Related vulnerabilities

CVE-2025-4973CRITICAL9.8PL ✓ten sam produkt

Authentication Bypass w pluginie Workreap dla WordPress (do wersji 3.3.1)

CVE-2021-24499CRITICAL9.8ten sam produkt

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_fil...

CVE-2025-5012HIGH8.8ten sam produkt

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable...

CVE-2022-3846HIGH7.5ten sam produkt

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible ...

CVE-2021-24501HIGH8.1ten sam produkt

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that...