Primary

Context

Uncanny Automator WordPress Plugin Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in the Uncanny Automator WordPress plugin, specifically in versions through 6.10.0.2. The issue arises in the automator_discord_user_mapping shortcode, where inadequate input sanitization and output escaping of the verified_message parameter allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts. These scripts execute when a user with a verified Discord account accesses the affected page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Remediation

Users are advised to update the Uncanny Automator WordPress plugin to version 7.0.0 or later.

Added: Jan 23, 2026, 5:19 AM

Updated: Jan 23, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

5.4

remediation

7.7

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

5.4

remediation

7.7

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Uncanny Automator WordPress Plugin Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Uncanny Automator

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating