Vulnerabilities > CVE-2021-24501 - Missing Authorization vulnerability in Amentotech Workreap

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

amentotech

CWE-862

NVD

Published: 2021-08-09

Updated: 2021-08-17

Summary

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site.

Vulnerable Configurations

Part	Description	Count
Application	Amentotech Amentotech Workreap - Amentotech Workreap 1.0.1 Amentotech Workreap 1.0.2 Amentotech Workreap 1.0.3 Amentotech Workreap 1.0.4 Amentotech Workreap 1.0.5 Amentotech Workreap 1.0.6 Amentotech Workreap 1.0.7 Amentotech Workreap 1.0.8 Amentotech Workreap 1.0.9 Amentotech Workreap 1.1.0 Amentotech Workreap 1.1.1 Amentotech Workreap 1.1.2 Amentotech Workreap 1.1.3 Amentotech Workreap 1.1.4 Amentotech Workreap 1.1.5 Amentotech Workreap 1.1.6 Amentotech Workreap 1.1.7 Amentotech Workreap 1.1.8 Amentotech Workreap 1.1.9 Amentotech Workreap 1.2.0 Amentotech Workreap 1.2.1 Amentotech Workreap 1.2.2 Amentotech Workreap 1.2.3 Amentotech Workreap 1.2.4 Amentotech Workreap 1.2.5 Amentotech Workreap 1.2.6 Amentotech Workreap 1.2.7 Amentotech Workreap 1.2.8 Amentotech Workreap 1.2.9 Amentotech Workreap 1.3.0 Amentotech Workreap 1.3.1 Amentotech Workreap 1.3.2 Amentotech Workreap 1.3.3 Amentotech Workreap 1.3.4 Amentotech Workreap 1.3.5 Amentotech Workreap 1.3.6 Amentotech Workreap 1.3.7 Amentotech Workreap 1.3.8 Amentotech Workreap 1.3.9 Amentotech Workreap 1.4.0 Amentotech Workreap 1.4.1 Amentotech Workreap 1.4.2 Amentotech Workreap 1.4.3 Amentotech Workreap 1.4.4 Amentotech Workreap 1.4.5 Amentotech Workreap 1.4.6 Amentotech Workreap 1.4.7 Amentotech Workreap 1.4.8 Amentotech Workreap 1.4.9 Amentotech Workreap 1.5.0 Amentotech Workreap 1.5.1 Amentotech Workreap 1.5.2 Amentotech Workreap 1.5.3 Amentotech Workreap 1.5.4 Amentotech Workreap 1.5.6 Amentotech Workreap 1.5.7 Amentotech Workreap 1.5.8 Amentotech Workreap 1.5.9 Amentotech Workreap 1.6.0 Amentotech Workreap 1.6.1 Amentotech Workreap 1.6.2 Amentotech Workreap 1.6.3 Amentotech Workreap 1.6.4 Amentotech Workreap 1.6.5 Amentotech Workreap 1.6.6 Amentotech Workreap 1.6.7 Amentotech Workreap 1.6.8 Amentotech Workreap 1.6.9 Amentotech Workreap 1.7.0 Amentotech Workreap 1.7.1 Amentotech Workreap 1.7.2 Amentotech Workreap 1.7.3 Amentotech Workreap 1.7.4 Amentotech Workreap 1.7.5 Amentotech Workreap 1.7.6 Amentotech Workreap 1.7.7 Amentotech Workreap 1.7.8 Amentotech Workreap 1.7.9 Amentotech Workreap 1.8.0 Amentotech Workreap 2.0 Amentotech Workreap 2.1.1 Amentotech Workreap 2.1.2 Amentotech Workreap 2.1.3 Amentotech Workreap 2.1.4 Amentotech Workreap 2.1.5 Amentotech Workreap 2.1.6 Amentotech Workreap 2.1.7 Amentotech Workreap 2.1.8 Amentotech Workreap 2.1.9 Amentotech Workreap 2.2.1	91

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References