Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

AmentoTech — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting AmentoTech. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AmentoTech develops enterprise software solutions for supply chain management, with 12 CVEs recorded to date. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and access control weaknesses. While no major public security incidents have been documented, their vulnerability history suggests a pattern of security gaps in authentication mechanisms and secure coding practices. The company's products remain attractive targets due to their integration with critical business infrastructure, necessitating robust security measures to address recurring issues in input handling and session management.

Top products by AmentoTech: Workreap Doctreat Workreap (theme's plugin) Tuturn WP Guppy Taskbot Workreap Core
CVE IDTitleCVSSSeverityPublished
CVE-2025-69101 WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability — Workreap CoreCWE-288 9.8 Critical2026-01-22
CVE-2025-22728 WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability — Workreap (theme's plugin)CWE-89 8.5 High2026-01-08
CVE-2025-64235 WordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerability — TuturnCWE-22 6.5 Medium2025-12-18
CVE-2025-64236 WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability — TuturnCWE-288 9.8 Critical2025-12-18
CVE-2025-59566 WordPress Workreap (theme's plugin) plugin <= 3.3.5 - Arbitrary File Deletion vulnerability — Workreap (theme's plugin)CWE-22 7.7 High2025-10-22
CVE-2025-58971 WordPress Doctreat theme <= 1.6.7 - Cross Site Scripting (XSS) Vulnerability — DoctreatCWE-79 7.1 High2025-10-22
CVE-2025-58970 WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability — DoctreatCWE-80 6.3 Medium2025-10-22
CVE-2025-58959 WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability — TaskbotCWE-22 7.7 High2025-10-22
CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account' — WorkreapCWE-288 9.8 Critical2025-06-12
CVE-2025-5012 Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media' — WorkreapCWE-434 8.8 High2025-06-12
CVE-2025-31920 WordPress WP Guppy plugin <= 4.3.3 - SQL Injection Vulnerability — WP GuppyCWE-89 8.5 High2025-06-09
CVE-2024-13446 Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover — WorkreapCWE-288 9.8 Critical2025-03-12

This page lists every published CVE security advisory associated with AmentoTech. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.