cleantalk
Vulnerabilities and Security Researches

Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin, CVE-2025-4520

CVE, Research URL

CVE-2025-4520

Home page URL

Security reports for Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin

Application

Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin

Published on
May 14, 2025
Research Description
The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.
Affected versions
Min -, max 6.5.0.
Status
vulnerable
Previous vulnerability researches
Wbcom Designs – Activity Link Preview For BuddyPress (CVE-2025-47548) , May 09, 2025
New vulnerability
WP Job Portal – A Complete Job Board (CVE-2025-47438) , May 15, 2025
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-3623) , May 15, 2025
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-4520) , May 15, 2025
WP Content Security Plugin (CVE-2025-4579) , May 15, 2025
B2i Investor Tools (CVE-2025-47458) , May 15, 2025