CVE-2024-13838

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Configurations

Configuration 1 (hide)

cpe:2.3:a:uncannyowl:uncanny_automator:*:*:*:*:*:wordpress:*:*

History

02 Apr 2025, 12:41

Type Values Removed Values Added
First Time Uncannyowl uncanny Automator
Uncannyowl
CPE cpe:2.3:a:uncannyowl:uncanny_automator:*:*:*:*:*:wordpress:*:*
Summary
  • (es) El complemento Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 6.2 incluida a través del método 'call_webhook' de la clase Automator_Send_Webhook. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicación web y pueden usarse para consultar y modificar información de servicios internos.
References () https://plugins.trac.wordpress.org/changeset/3249921/uncanny-automator/trunk/src/core/lib/webhooks/class-automator-send-webhook.php - () https://plugins.trac.wordpress.org/changeset/3249921/uncanny-automator/trunk/src/core/lib/webhooks/class-automator-send-webhook.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=cve - Product

12 Mar 2025, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-12 07:15

Updated : 2025-04-02 12:41


NVD link : CVE-2024-13838

Mitre link : CVE-2024-13838

CVE.ORG link : CVE-2024-13838


JSON object : View

Products Affected

uncannyowl

  • uncanny_automator
CWE
CWE-918

Server-Side Request Forgery (SSRF)