CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
amentotechworkreap
𝑥
< 2.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html
https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb
http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html
https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb