| CVE编号 | CVE-2024-13838 |
|---|---|
| 发布日期 | 2025-03-12T07:00:22.022Z |
| 更新日期 | 2025-03-12T13:15:33.295Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | uncannyowl |
| 受影响的产品 | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin |
| 描述 | The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. |
参考链接:
