Themes Vulnerabilities

Workreap < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Description

The theme's AJAX actions `workreap_award_temp_file_uploader` and `workreap_temp_file_uploader` did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.

Proof of Concept

Affects Themes

workreap
Fixed in 2.2.2

References

CVE
CVE-2021-24499
URL
https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/

Miscellaneous

Original Researcher
Harald Eilertsen (Jetpack)
Submitter
Harald Eilertsen (Jetpack)
Verified
Yes
WPVDB ID
74611d5f-afba-42ae-bc19-777cdf2808cb

Timeline

Publicly Published
2021-07-02 (about 4 years ago)
Added
2021-07-10 (about 4 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2022-04-13
Title
Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload
Published
2014-11-25
Title
Gallery Bank <= 3.0.60 - Shell Upload
Published
2024-01-09
Title
Customer Reviews for WooCommerce < 5.38.10 - Author+ Arbitrary File Upload
Published
2014-08-01
Title
wp-royal-gallery - Arbitrary File Upload
Published
2025-10-21
Title
King Addons for Elementor < 51.1.37 - Unauthenticated Arbitrary File Upload