AutomatorWP Missing Authorization Vulnerability Allowing Data Modification

Vulnerability

The AutomatorWP WordPress plugin, in versions through 5.3.7, is missing capability checks on several functions. As a result, authenticated users with Subscriber-level access or higher can access and alter integration settings or view existing automations without authorization.

Impact

Exploitation of this vulnerability allows for unauthorized access to and modification of integration settings and automations by users with Subscriber-level access or higher.

Remediation

Users are advised to update the AutomatorWP plugin to version 5.3.8 or a newer patched version.
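To confirm which installed copies still need the update, the following added example (not part of the original advisory or the plugin's code) reads the standard WordPress plugin header from each plugin's PHP files and compares the version with 5.3.8. It assumes the plugin's "Plugin Name" header is exactly AutomatorWP; the folder names, file names and sample files in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 3, 8)            # first patched release named in the advisory
PLUGIN_NAME = "AutomatorWP"  # assumed value of the "Plugin Name" header

def read_header(path, field):
    """Return one WordPress plugin header field from the first 8 KiB, or None."""
    head = path.read_bytes()[:8192].decode("utf-8", "replace")
    m = re.search(r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$", head, re.M | re.I)
    return m.group(1).strip() if m else None

def parse_version(text):
    """Turn '5.3.7' or '5.4' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    return tuple((nums + [0, 0, 0])[:3])

def audit(plugins_dir):
    """Return (folder, version, status) for every AutomatorWP main file found."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        if read_header(php, "Plugin Name") != PLUGIN_NAME:
            continue  # exact match: similarly named plugins are versioned separately
        version = read_header(php, "Version")
        if not version:
            status = "unknown"  # header missing: check by hand
        elif parse_version(version) >= FIXED:
            status = "patched"
        else:
            status = "vulnerable"
        results.append((php.parent.name, version, status))
    return results

def demo():
    """Run the audit over constructed sample plugin files."""
    samples = [("copy-a", "AutomatorWP", "5.3.7"),
               ("copy-b", "AutomatorWP", "5.3.8"),
               ("copy-c", "AutomatorWP Sample Add-on", "1.0.0")]
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name, version in samples:
            d = Path(tmp) / folder
            d.mkdir()
            (d / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(tmp)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real site, call audit() with the path to the wp-content/plugins directory; a "vulnerable" row means that copy is at 5.3.7 or earlier and should be updated.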

Added: Sep 9, 2025, 7:20 AM
Updated: Sep 9, 2025, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.3
exploitability: 6.1
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.