Vulnerabilities and security researches forzapier zapier

Mar 26, 2025

CVE, Research URL: CVE-2024-13411
Home page URL: Security reports for Zapier for WordPress
Application: Zapier for WordPress
Date: Mar 26, 2025
Research Description: The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
Affected versions: Min -, max -.
Status: vulnerable

Jun 27, 2025

CVE, Research URL: CVE-2025-50010
Home page URL: Security reports for Zapier for WordPress
Application: Zapier for WordPress
Date: Jun 20, 2025
Research Description: Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2.
Affected versions: Min -, max -.
Status: vulnerable