The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-26T12:28:20.678Z
Updated: 2024-08-03T01:34:49.603Z
Reserved: 2022-11-30T19:00:06.582Z
Link: CVE-2022-4239
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-26T13:15:13.840
Modified: 2023-11-07T03:57:17.180
Link: CVE-2022-4239
Redhat
No data.