CVE-2021-24500

Name of the Vulnerable Software and Affected Versions Workreap WordPress theme versions prior to 2.2.2

Description The issue allows an attacker to trick a logged-in user into submitting a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site. This is due to several AJAX actions lacking CSRF protections and allowing insecure direct object references that were not validated.

Recommendations For Workreap WordPress theme versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update is applied.