Vulnerabilities and security researches forintegromat-connector integromat-connector

Jun 07, 2024

CVE, Research URL: 1276509fccb388cdaad040b2addd7e6fad6e40ce
Home page URL: Security reports for Make Connector
Application: Make Connector
Date: Sep 26, 2022
Research Description: Make Connector [integromat-connector] < 1.5.3 Make, formerly Integromat Connector <= 1.5.2 - Authenticated (Subscriber+) Information Disclosure The Make plugin for WordPress is vulnerable to authorization bypass due to a missing capability check and nonce verification on an admin_menu action in versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to download the plugin's logs which may contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable

Sep 06, 2025

CVE, Research URL: CVE-2025-6085
Home page URL: Security reports for Make Connector
Application: Make Connector
Date: Sep 04, 2025
Research Description: The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable