Server-Side Request Forgery Vulnerability in Gravity Forms WebHooks Plugin from WordPress
CVE-2024-13845
5.5MEDIUM
What is CVE-2024-13845?
The Gravity Forms WebHooks plugin for WordPress, in versions up to and including 1.6.0, is susceptible to a Server-Side Request Forgery vulnerability. This flaw allows authenticated attackers with Administrator-level access to initiate web requests to arbitrary endpoints from the web application. Such actions can facilitate querying and modifying data from internal services, posing significant risks to data integrity and confidentiality.
Affected Version(s)
Gravity Forms WebHooks * <= 1.6.0