CVE-2025-5012: CWE-434 Unrestricted Upload of File with Dangerous Type in AmentoTech Workreap
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI Analysis
Technical Summary
CVE-2025-5012 is a critical vulnerability affecting the Workreap plugin for WordPress in all versions up to and including 3.3.2. Workreap is a plugin used in the Workreap - Freelance Marketplace WordPress Theme developed by AmentoTech. The flaw lies in the 'workreap_temp_upload_to_media' function, which handles temporary file uploads: it does not validate the type of the uploaded file, so any authenticated user with Subscriber-level privileges or above can upload arbitrary files to the server hosting the WordPress site. Because the plugin does not restrict which file types can be uploaded, an attacker can upload a script or other executable file, which may lead to remote code execution (RCE) on the server, compromise of the underlying system, and potentially full control of the affected website and server environment. The vulnerability has a CVSS v3.1 base score of 8.8 (high severity): network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No exploitation in the wild has been reported, but the ease of exploitation combined with the potential impact makes this a significant threat. No official patch or update is currently linked, so mitigation may require manual intervention or disabling the plugin until a fix is released. The issue is classified as CWE-434, Unrestricted Upload of File with Dangerous Type, a weakness class that commonly leads to code execution or other malicious activity.
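As an added example, not the plugin's own code and not a patch from AmentoTech, the handler below shows what a WordPress temporary-upload function with the validation the advisory describes as missing would look like: nonce check, capability check, a type allowlist enforced on both extension and content, a size cap, and a server-generated filename. The function name, AJAX action, nonce action, allowlist and 5 MiB cap are assumptions chosen for illustration; the WordPress API calls (check_ajax_referer, current_user_can, wp_check_filetype_and_ext, wp_handle_upload, wp_send_json_error) are real.

```php
<?php
/**
 * Hypothetical hardened temporary-upload AJAX handler (added example, not
 * Workreap code). The names example_secure_temp_upload,
 * 'wp_ajax_example_temp_upload' and the 'example_temp_upload' nonce action
 * are assumptions.
 */

add_action( 'wp_ajax_example_temp_upload', 'example_secure_temp_upload' );

function example_secure_temp_upload() {
    // 1. CSRF check: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_temp_upload', 'nonce' );

    // 2. Capability check. Subscribers do not hold 'upload_files' by default,
    //    so a low-privilege account is refused before any file is touched.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No file received.' ), 400 );
    }

    $file = $_FILES['file'];

    // 3. Allowlist of the types this feature actually needs (an assumption for
    //    the example). Using a subset of WordPress' own MIME map means PHP,
    //    HTML, SVG and other script-bearing formats are never accepted,
    //    whatever the client claims in its Content-Type.
    $allowed = array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'pdf'          => 'application/pdf',
    );

    // 4. Validate extension AND content. wp_check_filetype_and_ext() reads the
    //    real contents of image files and compares them with the extension; a
    //    mismatch or a non-allowlisted type comes back with an empty 'type'.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['type'] ) || empty( $check['ext'] ) ) {
        wp_send_json_error( array( 'message' => 'File type not permitted.' ), 415 );
    }

    // 5. Size cap (assumed 5 MiB) so the endpoint cannot be used to fill the disk.
    if ( $file['size'] > 5 * MB_IN_BYTES ) {
        wp_send_json_error( array( 'message' => 'File too large.' ), 413 );
    }

    // 6. Never trust the client-supplied name: rebuild it from a random token
    //    plus the validated extension, so path characters and double
    //    extensions such as "x.php.jpg" never reach the filesystem.
    $file['name'] = wp_generate_password( 16, false ) . '.' . $check['ext'];

    // 7. Let WordPress move the file; the same allowlist is enforced again by
    //    wp_handle_upload() through the 'mimes' override.
    $moved = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => $allowed,
    ) );

    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( array( 'message' => $moved['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $moved['url'] ) );
}
```

If a marketplace feature genuinely has to accept uploads from Subscriber-level accounts (profile pictures, for instance), the capability check can be relaxed to a purpose-specific capability, but the allowlist, content check and server-generated filename must stay: those are the controls whose absence turns an upload form into a code-execution path.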
Potential Impact
For European organizations running WordPress sites with the Workreap plugin, this vulnerability poses a substantial risk. Because exploitation requires only Subscriber-level access, which is commonly granted to registered users or contributors, attackers can use compromised or self-registered accounts to upload malicious files. Successful exploitation can lead to remote code execution, resulting in complete site compromise, data breaches, defacement, or use of the server as a pivot point for further attacks within the organization's network. This can disrupt business operations, damage reputation, and lead to regulatory non-compliance, especially under GDPR requirements for protecting personal data. Organizations that rely heavily on freelance marketplaces or service platforms, such as digital agencies, recruitment firms, and gig economy platforms, are particularly exposed. Availability can be affected by server compromise or by denial-of-service conditions triggered by malicious payloads, and the confidentiality and integrity of data stored or processed by affected sites are at high risk. Given the widespread use of WordPress across Europe and the popularity of freelance marketplace themes, the threat surface is significant. Because no user interaction is required, automated attacks against vulnerable installations are also more likely.
Mitigation Recommendations
1. Immediate mitigation: restrict or disable the Workreap plugin until AmentoTech releases a security patch or update.
2. Implement strict access controls to limit Subscriber-level account creation, and monitor for suspicious account activity or unauthorized registrations.
3. Deploy web application firewall (WAF) rules to detect and block upload requests to the vulnerable function that carry dangerous file extensions or unusual payloads.
4. Audit uploaded media files regularly to detect and remove unauthorized or suspicious files.
5. Harden the server by disabling script execution in the directories used for file uploads, so that an uploaded script cannot run even if the upload itself succeeds.
6. Monitor logs for unusual file upload patterns or access attempts to the upload endpoint.
7. Educate site administrators about this vulnerability and encourage prompt updating once a patch is available.
8. Consider multi-factor authentication (MFA) for all user accounts to reduce the risk that a compromised account is used for exploitation.
9. Use security plugins that enforce file type validation and scan uploads for malicious content as an additional layer of defense.
10. Back up website data regularly and store backups securely offline so the site can be recovered after a compromise.
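The audit in recommendation 4 (and the basis for the log monitoring in recommendation 6) can be scripted. The stand-alone PHP CLI script below is an added example, not part of the advisory or of the Workreap plugin: it walks an uploads directory and flags files that a media upload endpoint should never have produced, namely files with a script-bearing extension anywhere in the name, files containing a PHP open tag, and files whose leading bytes do not match the signature their extension promises. The script name, the uploads path, the extension list and the signature table are assumptions chosen for illustration and can be extended to whatever the site actually accepts.

```php
<?php
/**
 * Added example (not part of the advisory or the plugin): audit a WordPress
 * uploads directory for files that should not be there.
 * Usage (path is an assumption): php audit-uploads.php /var/www/html/wp-content/uploads
 */

// Extensions a web server may hand to an interpreter or that carry active
// content. None of these belong in an uploads directory.
const DANGEROUS_EXT = array(
    'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps',
    'pht', 'shtml', 'cgi', 'pl', 'py', 'sh', 'htaccess', 'htm', 'html', 'svg',
);

// Leading bytes expected for the document types a marketplace upload feature
// typically accepts (constructed table for the example).
const MAGIC = array(
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
    'png'  => "\x89PNG\r\n\x1a\n",
    'gif'  => "GIF8",
    'pdf'  => "%PDF",
);

/**
 * Examine one file. Returns a list of findings; an empty list means clean.
 */
function audit_file( string $path ): array {
    $findings = array();
    $parts    = explode( '.', strtolower( basename( $path ) ) );
    array_shift( $parts ); // drop the base name, keep every extension

    // A dangerous extension anywhere in the name catches "shell.php" as well
    // as "shell.php.jpg", which some Apache mod_mime configurations still
    // route to the PHP handler.
    foreach ( $parts as $ext ) {
        if ( in_array( $ext, DANGEROUS_EXT, true ) ) {
            $findings[] = "dangerous extension .$ext";
            break;
        }
    }

    $head = (string) file_get_contents( $path, false, null, 0, 512 );

    // A PHP open tag has no place in an image or document.
    if ( preg_match( '/<\?(php\b|=)/i', $head ) ) {
        $findings[] = 'PHP open tag in first 512 bytes';
    }

    // Content must match what the final extension promises.
    $last = end( $parts );
    if ( $last !== false && isset( MAGIC[ $last ] )
         && strncmp( $head, MAGIC[ $last ], strlen( MAGIC[ $last ] ) ) !== 0 ) {
        $findings[] = "content does not match .$last signature";
    }

    return $findings;
}

/**
 * Walk the tree and return [path => findings] for every flagged file.
 */
function audit_uploads( string $root ): array {
    $report = array();
    $it     = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $it as $entry ) {
        if ( ! $entry->isFile() ) {
            continue;
        }
        $f = audit_file( $entry->getPathname() );
        if ( $f ) {
            $report[ $entry->getPathname() ] = $f;
        }
    }
    return $report;
}

if ( PHP_SAPI === 'cli' && isset( $argv[1] ) ) {
    $report = audit_uploads( $argv[1] );
    foreach ( $report as $path => $findings ) {
        echo $path, ': ', implode( '; ', $findings ), PHP_EOL;
    }
    exit( $report ? 1 : 0 ); // non-zero exit makes it usable from cron or a monitoring job
}
```

Run from cron, the non-zero exit status turns any finding into an alert; the same findings are worth correlating with web server access log entries for the upload endpoint when investigating how a flagged file arrived.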
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-20T15:46:04.592Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 684a67d6358c65714e6a146f
Added to database: 6/12/2025, 5:38:30 AM
Last enriched: 6/12/2025, 5:53:30 AM
Last updated: 6/13/2025, 8:18:33 AM
Related Threats
- CVE-2025-39240: Vulnerability in Hikvision DS-3WAP622G-SI (High)
- CVE-2025-6012: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kaisercrazy Auto Attachments (Medium)
- CVE-2025-22242: Vulnerability in VMware SALT (Medium)
- CVE-2025-22241: Vulnerability in VMware SALT (Medium)
- CVE-2025-22240: Vulnerability in VMware SALT (Medium)