CVE-2025-4973: CWE-288 Authentication Bypass Using an Alternate Path or Channel in AmentoTech Workreap
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
AI Analysis
Technical Summary
The Workreap plugin for WordPress suffers from an authentication bypass vulnerability (CWE-288) due to improper identity verification when confirming accounts via email. Attackers can bypass authentication and gain access to accounts, including administrator accounts, if they know the email address and the confirmation_key is unset. This affects all versions up to and including 3.3.1. The vulnerability is remotely exploitable without privileges or user interaction, resulting in full compromise of affected installations. No patch or remediation guidance has been provided by the vendor as of the publication date.
Potential Impact
Successful exploitation allows unauthenticated attackers to log in as any registered user, including administrators, leading to full compromise of the affected WordPress site. This impacts confidentiality, integrity, and availability of the system. The vulnerability has a critical CVSS score of 9.8. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling the Workreap plugin or restricting access to affected functionality. Monitor for vendor updates and apply patches promptly once available.
CVE-2025-4973: CWE-288 Authentication Bypass Using an Alternate Path or Channel in AmentoTech Workreap
Description
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Workreap plugin for WordPress suffers from an authentication bypass vulnerability (CWE-288) due to improper identity verification when confirming accounts via email. Attackers can bypass authentication and gain access to accounts, including administrator accounts, if they know the email address and the confirmation_key is unset. This affects all versions up to and including 3.3.1. The vulnerability is remotely exploitable without privileges or user interaction, resulting in full compromise of affected installations. No patch or remediation guidance has been provided by the vendor as of the publication date.
Potential Impact
Successful exploitation allows unauthenticated attackers to log in as any registered user, including administrators, leading to full compromise of the affected WordPress site. This impacts confidentiality, integrity, and availability of the system. The vulnerability has a critical CVSS score of 9.8. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling the Workreap plugin or restricting access to affected functionality. Monitor for vendor updates and apply patches promptly once available.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-20T00:13:58.960Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 684a67d6358c65714e6a146b
Added to database: 6/12/2025, 5:38:30 AM
Last enriched: 4/9/2026, 5:31:04 PM
Last updated: 5/9/2026, 9:11:53 AM
Views: 111
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.