Description
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
Published: 2025-06-12
Score: 9.8 Critical
EPSS: 1.1% Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

The Workreap plugin for WordPress allows attackers to bypass authentication by invoking the workreap_verify_user_account routine with a target’s email address. The plugin does not confirm that the user’s confirmation_key has already been set before logging them in, a flaw that falls under CWE‑288 broken authentication. Attackers who know a registered user’s email can therefore log in as that user, including administrators, if the confirmation_key has not yet been set. This enables full compromise of the victim’s account and potentially the entire site.

Affected Systems

Versions of the AmentoTech Workreap plugin up to and including 3.3.1 are affected. The plugin is bundled with the Workreap – Freelance Marketplace WordPress Theme, so any WordPress installation running these plugin versions is vulnerable. No later versions are known to be impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical risk level, while an EPSS score of 1% suggests a low‑to‑moderate likelihood of active exploitation. The flaw is not listed in the CISA KEV catalog. Exploitation requires no special privileges; it only needs the attacker’s knowledge of a user’s email address and that the confirmation_key remains unset. The likely attack vector is a web request to the publicly exposed workreap_verify_user_account endpoint, making the vulnerability straightforward to exploit for unauthenticated attackers.

Generated by OpenCVE AI on April 22, 2026 at 01:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Workreap plugin to version 3.3.2 or later, where the authentication bypass has been fixed.
  • If an immediate upgrade is not possible, restrict access to the workreap_verify_user_account endpoint through web‑server rules or a security plugin, preventing public exploitation.
  • Ensure that all existing user accounts have had their confirmation_key set by completing any pending email confirmations; accounts that already have a confirmation key are no longer vulnerable.

Generated by OpenCVE AI on April 22, 2026 at 01:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18159 The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00308}

 epss

{'score': 0.00445}

Thu, 10 Jul 2025 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Amentotech
Amentotech workreap
CPEs cpe:2.3:a:amentotech:workreap:*:*:*:*:*:wordpress:*:*
Vendors & Products Amentotech
Amentotech workreap

Thu, 12 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Jun 2025 05:45:00 +0000

Type Values Removed Values Added
Description The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
Title Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Amentotech Workreap
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:06:22.730Z

Reserved: 2025-05-20T00:13:58.960Z

Link: CVE-2025-4973

cve-icon Vulnrichment

Updated: 2025-06-12T13:07:17.140Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-12T06:15:23.440

Modified: 2025-07-10T00:13:10.950

Link: CVE-2025-4973

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T01:30:05Z

Weaknesses