Zapier for WordPress < 1.5.2 – Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function | CVE 2024-13411 | Plugin Vulnerabilities

Description

The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Affects Plugins

Fixed in 1.5.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/701dc461-88e7-40bf-a4fb-f92723b6e05e

Classification

Type

SSRF

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

shaman0x01

Verified

No

WPVDB ID

572c4cc5-5ef8-4759-92b0-7c694a4994c9

Timeline

Publicly Published

2025-03-25 (about 1 year ago)

Added

2025-03-25 (about 1 year ago)

Last Updated

2025-03-26 (about 1 year ago)

Other

Published

Title

Published

2026-01-16

Title

Church Admin < 5.0.29 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

Published

2024-04-03

Title

Import WP < 2.13.1 - Admin+ Server-side Request Forgery

Published

2025-09-22

Title

DriCub <= 2.9 - Unauthenticated Server-Side Request Forgery

Published

2025-01-03

Title

Course Migration for LearnDash <= 1.0.2 - Authenticated (Subscriber+) Server-Side Request Forgery

Published

2025-02-14

Title

Stream < 4.1.0 - Authenticated (Admin+) Server-Side Request Forgery