CVE-2024-13940

Name of the Vulnerable Software and Affected Versions: Ninja Forms Webhooks plugin for WordPress versions up to, and including, 3.0.7

Description: The issue allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services. The vulnerability is related to the form webhook functionality.

Recommendations: For versions up to, and including, 3.0.7, update to a version later than 3.0.7 to resolve the issue. As a temporary workaround, consider restricting access to the form webhook functionality to minimize the risk of exploitation.