Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-07-10
CVE-2025-4973 - Used By The Workreap Freelance Marketplace Theme
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
THEME
Used By The Workreap Freelance Marketplace
CVE-2025-4973
Risk Score
Threat Entry
Updated 2025-07-10
CVE-2025-5012 - Used By The Workreap Freelance Marketplace Theme
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
THEME
Used By The Workreap Freelance Marketplace
CVE-2025-5012
Risk Score