CVE-2025-69101
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-01
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amentotech | workreap_core | to 3.4.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69101 is a high-severity authentication bypass vulnerability in the WordPress Workreap Core Plugin (versions up to 3.4.0). It allows unauthenticated attackers to bypass normal authentication mechanisms and perform actions reserved for higher-privileged users, potentially gaining administrative access to the affected website. This vulnerability falls under the OWASP Top 10 category A7: Identification and Authentication Failures and has a critical CVSS score of 9.8. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts, including unauthorized administrative access to your WordPress site. Attackers exploiting this flaw can perform privileged actions without authentication, potentially leading to account takeover, data manipulation, site defacement, or further compromise of the website and its users. Because no authentication is required to exploit it, the risk of attack is high. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for CVE-2025-69101, you should immediately apply the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability. This mitigation helps protect your WordPress site from unauthorized access until an official fix is released. It is strongly advised to implement this mitigation as soon as possible to safeguard your website. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows unauthenticated attackers to gain administrative access to affected websites, potentially leading to unauthorized access to sensitive personal or protected health information. Such unauthorized access could result in non-compliance with standards and regulations like GDPR and HIPAA, which require strict controls over authentication and protection of sensitive data. Therefore, exploitation of this vulnerability may lead to violations of these compliance requirements. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system. However, Patchstack has issued a mitigation rule to block attacks exploiting this flaw until an official patch is released. Users are advised to apply this mitigation immediately. For detailed detection or scanning commands, no data is available in the provided resources. [1]