Medium severity6.4NVD Advisory· Published Mar 26, 2025· Updated Apr 15, 2026
CVE-2024-13411
CVE-2024-13411
Description
The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
Affected products
1- Package: https://wordpress.org/plugins/zapier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- plugins.trac.wordpress.org/browser/zapier/trunk/zapier.phpnvd
- plugins.trac.wordpress.org/browser/zapier/trunk/zapier.phpnvd
- plugins.trac.wordpress.org/browser/zapier/trunk/zapier.phpnvd
- plugins.trac.wordpress.org/changeset/3257975/nvd
- wordpress.org/plugins/zapier/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/701dc461-88e7-40bf-a4fb-f92723b6e05envd
News mentions
0No linked articles in our index yet.