Uncanny Automator Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Uncanny Automator WordPress plugin, affecting all versions through 6.3.0.2. The issue arises because the add_role() and user_role() functions lack proper capability checks, allowing unauthenticated users to assign the administrator role to any user. While this grants full access to the site, the vulnerability requires an active account, categorizing it as an authenticated privilege escalation.

Impact

Exploitation of this vulnerability allows unauthorized users to gain administrative privileges on the WordPress site, granting them full control.

Remediation

Users are advised to update the Uncanny Automator plugin to version 6.4.0 or later.
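
A triage sketch for the remediation above, added here as an example and not taken from the plugin or its vendor: it flags installed versions older than the 6.4.0 fix and lists administrator accounts that are not on an approved list. It assumes role data exported from the wp_usermeta table under the default wp_capabilities meta key, treats every release older than 6.4.0 as needing the update, and uses hypothetical function names and constructed sample rows.

```python
import re

FIXED_IN = (6, 4, 0)  # first fixed release named in the advisory

def parse_version(text):
    """'6.3.0.2' -> (6, 3, 0, 2); uses each component's leading digits."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break  # stop at a component with no leading digits
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparsable version: {text!r}")
    return tuple(parts)

def is_affected(version):
    """True when version is older than 6.4.0; '6.4' and '6.4.0' compare equal."""
    v = parse_version(version)
    width = max(len(v), len(FIXED_IN))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(FIXED_IN)

# Matches role entries set to true inside a PHP-serialized wp_capabilities value.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def roles_from_meta(meta_value):
    """Set of role names enabled in one wp_capabilities meta_value."""
    return set(ROLE_RE.findall(meta_value))

def unexpected_admins(rows, approved):
    """rows: (user_login, meta_value) pairs; returns admin logins not in approved."""
    return sorted(login for login, meta in rows
                  if "administrator" in roles_from_meta(meta) and login not in approved)

# Constructed sample rows, not taken from any real site.
SAMPLE_ROWS = [
    ("site-owner", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor-kim", 'a:1:{s:6:"editor";b:1;}'),
    ("newsub-481", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}'),
    ("demoted-admin", 'a:1:{s:13:"administrator";b:0;}'),
]

if __name__ == "__main__":
    for ver in ("6.3.0.2", "6.4.0", "6.10.1"):
        print(ver, "needs update" if is_affected(ver) else "fixed")
    print("review:", unexpected_admins(SAMPLE_ROWS, approved={"site-owner"}))
```

Updating removes the flaw but does not undo a role that was already changed, so the administrator review is worth running on any site that ran an affected version.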

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.