cleantalk
Vulnerabilities and Security Researches

AutomatorWP – The #1 automator plugin for no-code automation in WordPress, CVE-2025-9542

CVE, Research URL

CVE-2025-9542

Home page URL

Security reports for AutomatorWP – The #1 automator plugin for no-code automation in WordPress

Application

AutomatorWP – The #1 automator plugin for no-code automation in WordPress

Published on
Sep 09, 2025
Research Description
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify integration settings or view existing automations.
Affected versions
max 5.3.8.
Status
vulnerable
Previous vulnerability researches
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-54017) , Aug 05, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2026-39514) , May 02, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-68514) , Feb 28, 2026
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-49870) , Jul 05, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-11291) , Dec 19, 2024
New vulnerability
Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) (CVE-2024-13362) , May 02, 2026
Bulk Edit Posts and Products in Spreadsheet (CVE-2024-13362) , May 02, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2024-13362) , May 02, 2026
Justified Gallery (CVE-2024-13362) , May 02, 2026
Google Analytics WordPress Plugin by GA4WP (CVE-2024-13362) , May 02, 2026