Workreap Core <= 3.4.0 – Authentication Bypass | CVE 2025-69101

Affects Plugins

workreap_core

No known fix

References

CVE

CVE-2025-69101

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/406c02e0-cebb-400a-b276-dc0b0bd9f1ad

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-287

CVSS

9.8 (critical)

Miscellaneous

Original Researcher

NAWardRox

Verified

No

WPVDB ID

96ce1911-7c26-4dc9-8f1f-d888c18a7d4a

Timeline

Publicly Published

2026-01-15 (about 3 months ago)

Added

2026-01-20 (about 3 months ago)

Last Updated

2026-01-20 (about 3 months ago)

Other

Published

Title

Published

2021-12-08

Title

Registration Magic < 5.0.1.8 - Authentication Bypass

Published

2026-02-12

Title

Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass

Published

2014-08-01

Title

Profile Builder < 1.1.60 - Password Recovery Bypass

Published

2025-03-13

Title

Civi <= 2.1.4 - Authentication Bypass via Non-Randomized Password for SSO Accounts

Published

2024-10-25

Title

WatchTowerHQ < 3.10.4 - Authentication Bypass to Administrator due to Missing Empty Value Check