CVE-2021-24500

CVE-2021-24500: Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Vendor: Unknown
Product: Workreap
Weakness: CWE-283
Published: August 9, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections and accepted insecure direct object references without validating them. This allows an attacker to trick a logged-in user into submitting a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site.
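
The two missing checks, shown in a WordPress AJAX handler that performs both. This is an added example, not code from the Workreap theme; the action name, nonce name, and POST field names are hypothetical.

```php
<?php
// Added illustration; not the Workreap theme's code.
// Hypothetical names: action 'example_delete_item', nonce action
// 'example_delete_item_nonce', POST fields 'security' and 'item_id'.

// Registered for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_example_delete_item', 'example_delete_item_handler' );

function example_delete_item_handler() {
    // CSRF check: the request must carry a nonce issued to this user for
    // this action. A form on another origin cannot obtain that value.
    if ( ! check_ajax_referer( 'example_delete_item_nonce', 'security', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // The object reference is untrusted input: normalise it, then load it.
    $item_id = isset( $_POST['item_id'] ) ? absint( wp_unslash( $_POST['item_id'] ) ) : 0;
    $item    = $item_id ? get_post( $item_id ) : null;
    if ( ! $item ) {
        wp_send_json_error( array( 'message' => 'Item not found.' ), 404 );
    }

    // IDOR check: a valid nonce shows the user meant to send the request,
    // not that the referenced object is theirs. Allow the owner, or a role
    // that WordPress already permits to delete this specific post.
    $is_owner = ( (int) $item->post_author === get_current_user_id() );
    if ( ! $is_owner && ! current_user_can( 'delete_post', $item_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    if ( ! wp_delete_post( $item_id ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $item_id ) );
}
```

The page that issues the request obtains the token with `wp_create_nonce( 'example_delete_item_nonce' )` and sends it in the `security` field. Each `wp_send_json_error()` call ends the request, so no later step runs after a failed check.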

Key dates

02 Disclosure timeline

August 9, 2021: CVE published
August 3, 2024: Record updated