CVE-2024-13845 in Gravity Forms WebHooks Plugininformação

Sumário

de MITRE • 01/05/2025

The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Be aware that VulDB is the high quality source for vulnerability data.

Reservar

06/02/2025

Divulgação

01/05/2025

Moderação

aceite

Entrada

VDB-306672

CPE

pronto

EPSS

0.00213

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!