### [CVE-2021-24499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24499)
![](https://img.shields.io/static/v1?label=Product&message=Workreap&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.2.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brightgreen)

### Description

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.

### POC

#### Reference
- http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html
- https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
- https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb

#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/RyouYoo/CVE-2021-24499
- https://github.com/buka-pitch/Exploit-for-WordPress-Theme-Workreap-2.2.2
- https://github.com/hh-hunter/cve-2021-24499
- https://github.com/j4k0m/CVE-2021-24499
- https://github.com/jytmX/CVE-2021-24499
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/manas3c/CVE-POC
- https://github.com/n0-traces/cve_monitor
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC