3 matches found
WordPress Zapier for WordPress plugin <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function vulnerability
Authenticated Subscriber+ Blind Server-Side Request Forgery via updateduser Function vulnerability discovered by shaman0x01 in WordPress Plugin Zapier for WordPress versions = 1.5.1...
CVE-2024-13411 Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function
The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updateduser function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary...
CVE-2024-13411 Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function
The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updateduser function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary...