CVE-2022-4239

Name of the Vulnerable Software and Affected Versions Workreap WordPress theme versions prior to 2.6.4

Description The issue allows any user to delete any post by knowing or guessing the id, due to the lack of verification that an addon service belongs to the user issuing the request or that it is an addon service when processing the workreap addons service remove action.

Recommendations For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the workreap addons service remove action to minimize the risk of exploitation.