AmentoTech Workreap Core Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

An authentication bypass vulnerability has been identified in the AmentoTech Workreap Core plugin, affecting versions through 3.4.0. It allows unauthorized users to bypass authentication mechanisms and gain access to actions and privileges reserved for higher-level users, such as administrators, potentially leading to account takeover.

Impact

Exploitation of this vulnerability could allow an unauthorized user to gain administrative access to a WordPress site, performing actions that could compromise the site's integrity and security.

Remediation

Users of the Workreap Core plugin are advised to update to the latest version. For those seeking immediate protection, Patchstack offers a mitigation rule that can be applied until an official fix is available.

Added: Jan 22, 2026, 8:17 PM
Updated: Jan 22, 2026, 8:17 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 7.5
exploitability: 7.6
remediation: 7.9
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.