logo_clicknbuy.png

Day: 14 May 2025

CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

CVE ID : CVE-2025-4520 Published : May 14, 2025, 3:15 a.m. | 55 minutes ago Description : The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level […]

CVE-2025-3623 – WordPress Uncanny Automator PHP Object Injection Vulnerability

CVE ID : CVE-2025-3623 Published : May 14, 2025, 3:15 a.m. | 55 minutes ago Description : The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access […]