{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5012", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-20T15:46:04.592Z", "datePublished": "2025-06-12T05:23:39.401Z", "dateUpdated": "2026-04-08T16:37:37.246Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:37.246Z"}, "affected": [{"vendor": "AmentoTech", "product": "Workreap", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/185371b1-5c72-424d-a5b8-42c67aa9380c?source=cve"}, {"url": "https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-06-11T16:31:13.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-12T13:07:46.419286Z", "id": "CVE-2025-5012", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T13:07:54.135Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5012", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-12T13:07:46.419286Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T13:07:50.695Z"}}], "cna": {"title": "Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "AmentoTech", "product": "Workreap", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.3.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-11T16:31:13.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/185371b1-5c72-424d-a5b8-42c67aa9380c?source=cve"}, {"url": "https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025"}], "descriptions": [{"lang": "en", "value": "The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-06-12T05:23:39.401Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5012", "state": "PUBLISHED", "dateUpdated": "2025-06-12T13:07:54.135Z", "dateReserved": "2025-05-20T15:46:04.592Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-12T05:23:39.401Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amentotech:workreap:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FD1BDB67-C2D7-4414-9B60-786304B69187", "versionEndExcluding": "3.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento Workreap para WordPress, utilizado por el tema Workreap - Freelance Marketplace para WordPress, es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'workreap_temp_upload_to_media' en todas las versiones hasta la 3.3.2 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-5012", "lastModified": "2025-07-10T00:12:21.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-06-12T06:15:23.640", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/185371b1-5c72-424d-a5b8-42c67aa9380c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:27:29.927023+00:00", "value": {"mitigation_remediation": ["Upgrade Workreap to version 3.3.3 or later.", "If an upgrade is unavailable, disable or restrict file uploads in the plugin settings and enforce strict MIME type validation to block non\u2011image files.", "Modify the server\u2019s uploads directory permissions to disallow script execution and configure the web server to serve uploads as static content only."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary File Upload leading to potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Vendors affected are AmentoTech\u2019s Workreap plugin for WordPress, versions up to and including 3.3.2. Administrators and users with Subscriber-level privileges or higher within the WordPress backend can exploit the flaw. All instances using the Workreap theme version 3.3.3 and later are not vulnerable, but any site still using 3.3.2 or earlier remains at risk.", "description_and_impact": "The Workreap WordPress plugin contains a flaw in the workreap_temp_upload_to_media function where file type validation is omitted, allowing anyone with Subscriber-level or higher access to upload any file to the server. The lack of type checking enables attackers to place malicious PHP, scripts, or other executable files in the upload directory, creating a direct path to remote code execution if the server interprets the file or if the attacker can gain file execution rights through other flaws. This vulnerability specifically targets the upload workflow used by the Workreap freelancing marketplace theme and does not affect unauthenticated users. The risk is confined to the affected site and relies on the attacker\u2019s ability to upload and then trigger execution of the file.", "risk_and_exploitability": "The CVSS v3.1 score of 8.8 classifies this as High, reflecting high impact and a medium to high exploitation probability. An EPSS score of 1% indicates that, while exploitation is not rare, it is somewhat likely; the flaw is not currently listed in the CISA KEV catalog. The attack path requires authenticated access via WordPress, but once the file is uploaded the attacker can trigger execution by accessing the file directly or through a vulnerable script that reads uploaded content. Defensive records must monitor for unexpected files in the uploads directory and confirm that file permissions prevent execution."}}}}, "created": "2026-04-28T01:30:17.925291+00:00", "updated": "2026-04-28T01:30:17.925306+00:00", "vendors": []}