Vulnerabilities > CVE-2021-24499 - Unspecified vulnerability in Amentotech Workreap
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html
- http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html
- https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
- https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
- https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb
- https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb