Uncanny Automator < 6.4.0 – Subscriber+ Privilege Escalation | CVE 2025-2075 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Privilege Escalation due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.

Affects Plugins

uncanny-automator

Fixed in 6.4.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

mikemyers

Verified

No

WPVDB ID

8301cc95-86b9-41e6-b7d9-d60de2e2163f

Timeline

Publicly Published

2025-04-03 (about 1 year ago)

Added

2025-04-03 (about 1 year ago)

Last Updated

2025-04-04 (about 1 year ago)

Other

Published

Title

Published

2024-06-04

Title

ProfileGrid < 5.8.7 - Missing Authorization

Published

2024-07-01

Title

ProfileGrid < 5.8.8 - Missing Authorization

Published

2024-01-31

Title

MultiVendorX Marketplace < 4.0.26 - Missing Authorization

Published

2024-04-15

Title

Customer Reviews for WooCommerce < 5.47.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search

Published

2022-08-31

Title

WP Shop Original <= 3.9.6 - Unauthenticated Settings Update