PT-2025-25281 · WordPress · Workreap

Friderika Baranyai · Published 2025-06-12 · Updated 2025-07-10 · CVE-2025-5012

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Workreap plugin for WordPress versions up to and including 3.3.2

Description

The issue arises from missing file type validation in the workreap temp upload to media function, allowing authenticated attackers with Subscriber-level access or higher to upload arbitrary files to the server of the affected site. This could potentially enable remote code execution.

Recommendations

For Workreap plugin for WordPress versions up to and including 3.3.2, update to a version higher than 3.3.2 to resolve the issue. As a temporary workaround, consider restricting access to the workreap temp upload to media function to minimize the risk of exploitation.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-5012

Affected Products

Workreap