Vulnerabilities > CVE-2022-3846 - Unspecified vulnerability in Amentotech Workreap

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
amentotech

Summary

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.

Vulnerable Configurations

Part Description Count
Application
Amentotech
132