PT-2026-1792 · WordPress · Workreap
Published
2026-01-08
·
Updated
2026-01-08
·
CVE-2025-22728
CVSS v3.1
8.5
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
AmentoTech Workreap (theme's plugin) versions through 3.3.6
Description
The Workreap plugin contains a flaw related to improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data modification, or disclosure.
Recommendations
Update Workreap to a version newer than 3.3.6.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Workreap