CVE-2025-5012 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file typ…
High CVSS: 8.8

CVE-2025-5012

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Vendor
Amentotech
Product
Workreap
CWE
CWE-434
Yayın Tarihi
2025-06-12 06:15:23
Güncelleme
2025-07-10 00:12:21
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-434 Workreap HIGH Amentotech 2025

Referanslar

https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025 https://www.wordfence.com/threat-intel/vulnerabilities/id/185371b1-5c72-424d-a5b8-42c67aa9380c?source=cve