Vulnerabilities in AmentoTech
13 resultsCVE-2025-69101CRITICALWordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerabilityEPSS 0.5%CVE-2025-5012HIGHWorkreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'EPSS 0.5%CVE-2025-6254CRITICALDoctreat Core <= 1.6.8 - Unauthenticated Privilege EscalationEPSS 0.5%CVE-2025-4973CRITICALWorkreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'EPSS 0.4%CVE-2024-13446CRITICALWorkreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account TakeoverEPSS 0.4%CVE-2025-59566HIGHWordPress Workreap (theme's plugin) plugin <= 3.3.5 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2025-58959HIGHWordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2025-64236CRITICALWordPress Tuturn plugin < 3.6 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2025-31920HIGHWordPress WP Guppy plugin <= 4.3.3 - SQL Injection VulnerabilityEPSS 0.3%CVE-2025-22728HIGHWordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerabilityEPSS 0.3%CVE-2025-64235MEDIUMWordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2025-58970MEDIUMWordPress Doctreat theme <= 1.6.7 - Content Injection vulnerabilityEPSS 0.2%CVE-2025-58971HIGHWordPress Doctreat theme <= 1.6.7 - Cross Site Scripting (XSS) VulnerabilityEPSS 0.2%