CVE-2024-13411

The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
Configurations

No configuration.

History

27 Mar 2025, 16:45

Type Values Removed Values Added
Summary
  • (es) El complemento Zapier para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 1.5.1 incluida, a través de la función updated_user(). Esto permite a atacantes autenticados, con acceso de suscriptor o superior, realizar solicitudes web a ubicaciones arbitrarias desde la aplicación web, las cuales pueden utilizarse para consultar y modificar información de servicios internos.

26 Mar 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-26 12:15

Updated : 2025-03-27 16:45


NVD link : CVE-2024-13411

Mitre link : CVE-2024-13411

CVE.ORG link : CVE-2024-13411


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)