CVE-2022-3846
Published 2022-12-05
CVE-2022-3846: The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or…
Priority P338 | high | 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.78% (51.4th percentile)
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amentotech | workreap | < 2.6.3 | 2.6.3 |
| chrome_chrome | — | — |
GHSA
GHSA-84hm-49qm-gq32: The Workreap WordPress theme before 2
ghsa_unreviewed·2022-12-05
CVE-2022-3846 [HIGH] CWE-639 GHSA-84hm-49qm-gq32: The Workreap WordPress theme before 2
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-3841
vendor_chrome·2024-05-01·CVSS 6.1
CVE-2024-3841 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-3841
Stable Channel Update for ChromeOS / ChromeOS Flex
- CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19
- [$5000][40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23
- [$2000][40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-05