WordPress Plugin Vulnerabilities

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin < 6.5.0 - Missing Authorization

Description

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.4.0.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
uncanny-automator
Fixed in 6.5.0

References

CVE
CVE-2025-48133
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9661fa8-1c69-433b-8e18-039000e7d6e7

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Denver Jackson
Verified
No
WPVDB ID
747f5fdf-da0c-4197-b4bd-ce271c0ffcaf

Timeline

Publicly Published
2025-06-02 (about 11 months ago)
Added
2025-06-06 (about 11 months ago)
Last Updated
2025-06-06 (about 11 months ago)

Other

Published
Title
Published
2025-01-06
Title
Infility Global < 2.9.9 - Subscriber+ Plugin Settings Update
Published
2023-12-06
Title
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_global_value)
Published
2024-04-22
Title
Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! < 2.1.3 - Missing Authorization to Subscriber+ Arbitrary Post Creation
Published
2025-04-01
Title
Question Answer <= 1.2.70 - Missing Authorization
Published
2024-03-29
Title
DELUCKS SEO < 2.5.5 - Missing Authorization