PT-2022-24414 · WordPress · Workreap

Veshraj Ghimire · Published 2022-12-05 · Updated 2025-04-23 · CVE-2022-3846

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Workreap WordPress theme versions prior to 2.6.3

Description: The issue affects the notifications feature, allowing unauthorized access to any user's notification, whether employer or freelancer, due to the notification ID being brute-forceable.

Recommendations: For versions prior to 2.6.3, update to version 2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the notifications feature until the update is applied.

Related Identifiers

CVE-2022-3846

Affected Products

Workreap