Workreap WordPress Plugin Privilege Escalation Vulnerability via Account Takeover

Vulnerability

A privilege escalation vulnerability via account takeover has been identified in the Workreap plugin for WordPress, affecting all versions up to and including 3.2.5. The plugin does not verify a user's identity before performing a social auto-login or updating profile information such as the password. An unauthenticated attacker can therefore log in as any user whose email address they know, or set a new password on any account, including administrator accounts, and take it over.
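The following is an added illustration of the two handler patterns the advisory describes, each shown in its vulnerable form and then hardened. It is not Workreap's code: the function names, AJAX action names, request parameters and the identity-provider URL are assumptions chosen for the example, and the WordPress API calls are the standard ones a plugin author would use.

```php
<?php
/**
 * Added illustration, not Workreap's code. Hook names, request parameters
 * and the provider endpoint are assumptions made for this example.
 */

// --- Pattern 1: social auto-login that trusts a client-supplied email ---

// VULNERABLE: whoever knows a user's email gets a session as that user.
function hypo_social_login_vulnerable() {
    $email = sanitize_email( $_POST['email'] ?? '' );
    $user  = get_user_by( 'email', $email );
    if ( $user ) {
        wp_set_current_user( $user->ID );
        wp_set_auth_cookie( $user->ID ); // no proof the requester owns $email
        wp_send_json_success();
    }
    wp_send_json_error( 'unknown user', 404 );
}

// HARDENED: the email is taken from the identity provider after the
// provider token has been verified server-side, never from the request.
function hypo_social_login_hardened() {
    check_ajax_referer( 'hypo_social_login', 'nonce' ); // CSRF protection

    $token = sanitize_text_field( $_POST['provider_token'] ?? '' );
    if ( '' === $token ) {
        wp_send_json_error( 'missing token', 400 );
    }

    // Assumed provider endpoint returning the account bound to the token.
    $resp = wp_remote_get( 'https://provider.example/userinfo', array(
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
        'timeout' => 5,
    ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        wp_send_json_error( 'token rejected', 401 );
    }
    $claims = json_decode( wp_remote_retrieve_body( $resp ), true );
    if ( empty( $claims['email'] ) || empty( $claims['email_verified'] ) ) {
        wp_send_json_error( 'unverified email', 401 );
    }

    $user = get_user_by( 'email', sanitize_email( $claims['email'] ) );
    if ( ! $user ) {
        wp_send_json_error( 'unknown user', 404 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false, is_ssl() );
    wp_send_json_success();
}
add_action( 'wp_ajax_nopriv_hypo_social_login', 'hypo_social_login_hardened' );

// --- Pattern 2: password update that trusts a client-supplied user ID ---

// VULNERABLE: reachable unauthenticated, and the caller picks the target.
function hypo_update_password_vulnerable() {
    $user_id = (int) ( $_POST['user_id'] ?? 0 );
    wp_set_password( (string) ( $_POST['password'] ?? '' ), $user_id );
    wp_send_json_success();
}

// HARDENED: requires a logged-in session, a nonce and the current password,
// and only ever changes the caller's own account.
function hypo_update_password_hardened() {
    check_ajax_referer( 'hypo_update_password', 'nonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }
    $user    = wp_get_current_user(); // never $_POST['user_id']
    $current = (string) ( $_POST['current_password'] ?? '' );
    $new     = (string) ( $_POST['new_password'] ?? '' );

    if ( ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
        wp_send_json_error( 'current password incorrect', 403 );
    }
    if ( strlen( $new ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }
    // wp_update_user() re-issues the caller's cookie and ends the user's
    // other sessions when user_pass changes.
    $result = wp_update_user( array( 'ID' => $user->ID, 'user_pass' => $new ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success();
}
// Registered for logged-in users only: no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_hypo_update_password', 'hypo_update_password_hardened' );
```

The two checks that matter are the same in both handlers: the identity being acted on comes from something the server verified (a provider token, the session cookie), not from a request parameter, and the endpoint that changes credentials is not registered on the unauthenticated `wp_ajax_nopriv_` hook at all.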

Impact

Exploitation gives an unauthenticated attacker access to any user account, including administrator accounts, bypassing authentication entirely. Any further action is then taken under the compromised user's identity and privileges.

Remediation

Update the Workreap WordPress plugin to version 3.2.6 or a later patched release. Because the flaw allows passwords to be changed, sites that ran a vulnerable version should also review accounts, administrator accounts in particular, for unexpected password changes or logins.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          0.0
impact          5.0
exploitability  7.4
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.