Uncanny Automator WordPress Plugin Missing Capability Check Vulnerability

Vulnerability

A vulnerability exists in the Uncanny Automator WordPress plugin, in versions through 6.4.0.2, that allows authenticated users with subscriber-level permissions or higher to modify plugin settings without authorization. The issue arises from missing capability checks on several AJAX functions, which could be exploited to update plugin configuration without the necessary permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in plugin settings, potentially allowing for further exploitation or disruption of site functionality.

Remediation

Users are advised to update the Uncanny Automator WordPress plugin to version 6.5.0 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.