Every CVE whose affected-product data names Amentotech Workreap, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-13446 — CVSS 9.8 (critical): The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5…
CVE-2021-24499 — CVSS 9.8 (critical): The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform…
CVE-2025-4973 — CVSS 9.8 (critical): The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in…
CVE-2025-5012 — CVSS 8.8 (high): The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads…
CVE-2021-24501 — CVSS 8.1 (high): The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to…
CVE-2021-24500 — CVSS 8.1 (high): Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct…
CVE-2022-3846 — CVSS 7.5 (high): The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's…
CVE-2022-4239 — CVSS 6.5 (medium): The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it…