cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for automatorwp

Jun 07, 2024

AutomatorWP – The #1 automator plugin for no-code automation in WordPress # CVE-2023-23992

CVE, Research URL

CVE-2023-23992

Date
Feb 28, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete.
Affected versions
Min -, max -.
Status
vulnerable

AutomatorWP – The #1 automator plugin for no-code automation in WordPress # CVE-2021-24717

CVE, Research URL

CVE-2021-24717

Date
Nov 01, 2021
Research Description
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.
Affected versions
Min -, max -.
Status
vulnerable

Dec 20, 2024

AutomatorWP – The #1 automator plugin for no-code automation in WordPress # CVE-2024-12626

CVE, Research URL

CVE-2024-12626

Date
Dec 19, 2024
Research Description
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code.
Affected versions
Min -, max -.
Status
vulnerable

Jun 11, 2025

AutomatorWP – The #1 automator plugin for no-code automation in WordPress # CVE-2025-48280

CVE, Research URL

CVE-2025-48280

Date
May 19, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3.
Affected versions
Min -, max -.
Status
vulnerable