CVE-2025-4973 CRITICAL

CVE-2025-4973: Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'

Vendor Amentotech
Product Workreap
Weakness CWE-288
Published June 12, 2025
Last update April 8, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.

Explanation of Vulnerability in Simple Terms

02Summary

Workreap versions 3.3.1 and earlier contain an authentication bypass vulnerability. An attacker can gain unauthorized access to the application without valid credentials. The vulnerability affects all confidentiality, integrity, and availability of the system. Immediate patching is required.

What an attacker can do

03Attacker Capabilities

Gain full unauthorized access to the application and read, modify, or delete any data.

Potential impact on your site

04Site Impact

Complete compromise of Workreap installation; attackers can access all user data, modify content, and disrupt service.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

June 12, 2025 CVE published
April 8, 2026 Record updated