71 matches found
PT-2025-36578
Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for WordPress versions prior to 5.3.7 Description: The AutomatorWP – Automator plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check on the automatorwp ajax impo...
CVE-2025-7654
Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...
CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library
Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...
DRUPAL-CONTRIB-2025-031
This module enables you to define automations on your Drupal site. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability can be mitigated by disabling the "eca_ui" submodule, which leaves ECA functionality intact, but the vulnerable routes will no longer be...
ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
This module enables you to define automations on your Drupal site. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability can be mitigated by disabling the "eca_ui" submodule, which leaves ECA functionality intact, but the vulnerable routes will no longer be...
WordPress Automation By Autonami plugin <= 3.5.1 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Le Ngoc Anh in WordPress Plugin FunnelKit Automations (versions <= 3.5.1)...
WordPress Automation By Autonami plugin <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' vulnerability
Unauthenticated SQL Injection via 'automationId' vulnerability discovered by mikemyers in WordPress Plugin FunnelKit Automations (versions <= 3.5.1)...
WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 3.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin FunnelKit Automations (versions <= 3.1.2)...
WordPress Plugin FunnelKit Automations cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin FunnelKit...
@adobe/openwhisk-probot-builder (>=1.0.37 <=1.0.66), @adobe/probot-serverless-openwhisk (>=4.0.32 <=4.0.55) +29 more potentially affected by CVE-2023-50728 via probot (>=0.3.3 <=12.3.1)
probot NPM version =0.3.3, =1.0.37, =4.0.32, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =0.0.0-PLACEHOLDER, =0.1.0, =1.0.0, =0.0.1, =0.10.1, =2.0.0, =2.1.0 and more Source cves: CVE-2023-50728 Source advisory: OSV:GHSA-PWFR-8PQ7-X9QV...
Getting started with the CDMC framework—Microsoft’s guide to cloud data management
On March 20, 2023, Microsoft announced the successful completion of the Cloud Data Management Capabilities (CDMC) certification. As a proponent of wider industry standards, I was fortunate to be part of Microsoft’s executive team working to achieve this important milestone. Beginning in 2020, we...
Microsoft achieves first native Cloud Data Management Capabilities certification
Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities (CDMC) 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s...
pt-automations.com Cross Site Scripting vulnerability OBB-2921529
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-2389
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations...
Cross-site request forgery (CSRF)
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations...
WordPress plugin Automations security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation
The plugin does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations. PoC: var data = new FormData(); data.append('file', new...
Deploying a SOAR Tool Doesn’t Have to Be Hard: I’ve Done It Twice
As the senior information security engineer at Brooks, an international running shoe and apparel company, I can appreciate the challenge of launching a security orchestration, automation, and response (SOAR) tool for the first time. I’ve done it at two different companies, so I’ll share some lesson...