WordPress Plugin Vulnerabilities

Uncanny Automator < 6.10.0 - Authenticated (Subscriber+) Information Exposure

Description

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 6.10.0 (exclusive). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
uncanny-automator
Fixed in 6.10.0

References

CVE
CVE-2025-66056
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/068c7475-87b7-4c60-ad6b-c4d311075ff7

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Legion Hunter
Verified
No
WPVDB ID
bac9af1b-6769-4146-bf8a-2d253d87f3ab

Timeline

Publicly Published
2025-11-07 (about 6 months ago)
Added
2025-11-25 (about 6 months ago)
Last Updated
2025-11-25 (about 6 months ago)

Other

Published
Title
Published
2024-05-07
Title
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Unauthenticated Information Exposure
Published
2023-11-28
Title
Media File Renamer < 5.7.0 - Sensitive Information Exposure via Log File
Published
2024-10-14
Title
WPIDE < 3.5.0 - Unauthenticated Full Path Dislcosure
Published
2026-03-02
Title
RT-Theme 18 | Extensions <= 2.5 - Unauthenticated Information Exposure
Published
2025-04-07
Title
Accept SagePay Payments Using Contact Form 7 < 2.1 - Unauthenticated Information Exposure