Server-Side Request Forgery Vulnerability in Gravity Forms WebHooks Plugin from WordPress
CVE-2024-13845

5.5MEDIUM

Key Information:

Vendor: WordPress
Status: Gravity Forms Webhooks
Vendor: CVE Published:; 1 May 2025

What is CVE-2024-13845?

The Gravity Forms WebHooks plugin for WordPress, in versions up to and including 1.6.0, is susceptible to a Server-Side Request Forgery vulnerability. This flaw allows authenticated attackers with Administrator-level access to initiate web requests to arbitrary endpoints from the web application. Such actions can facilitate querying and modifying data from internal services, posing significant risks to data integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Gravity Forms WebHooks * <= 1.6.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.gravityforms.com/blog/brand-new-release-webho...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Feb 6, 2025

Credit

Francesco Carlucci

JSON

WordPress