CVE-2021-24499

Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

EPSS 60.4%CWE-434

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.

Affected products

Unknown · Workreap

public PoCs found — 6

githubgithub.com/j4k0m/CVE-2021-24499★ 16 githubgithub.com/hh-hunter/cve-2021-24499★ 0 githubgithub.com/jytmX/CVE-2021-24499★ 0 githubgithub.com/jayhutajulu1/CVE-2021-24499★ 0 cve_referencepacketstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.htmlunverified exploitdbwww.exploit-db.com/exploits/51510unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb