- Description
- The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know the user's email address. This is only exploitable if the user's confirmation_key has not already been set by the plugin.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-288
- Hype score
- Not currently trending
CVE-2025-4973 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authen..https://t.co/umSvKbv3ZK #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
17 Jun 2025
Critical #Workreap flaw: CVE-2025-4973 lets attackers bypass authentication & access admin accounts if they know the email. Patch ASAP! https://t.co/yspcnaVany #OffSeq #WordPress #infosec #CVE https://t.co/rAWvDcnut3
@offseq
12 Jun 2025
CVE-2025-4973 Authentication Bypass in Workreap WordPress Plugin Enables Unauthorized User Access https://t.co/y7I8XeYozL
@VulmonFeeds
12 Jun 2025
CVE-2025-4973 The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and inclu… https://t.co/LXbUfDQeVo
@CVEnew
12 Jun 2025
[CVE-2025-4973: CRITICAL] WordPress Workreap plugin, up to v3.3.1, has an authentication bypass vulnerability, allowing unauthenticated attackers to access registered user accounts, including admins.#cve,CVE-2025-4973,#cybersecurity https://t.co/mazX6u8IWQ https://t.co/GV1A2c35dp
@CveFindCom
12 Jun 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:amentotech:workreap:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31576DC9-3E2E-434E-9CD5-67E4963C16AF",
            "versionEndExcluding": "3.3.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]