WordPress plugin AutomatorWP SQL注入漏洞

WordPress AutomatorWP plugin is an open source automation plugin designed for WordPress that allows users to connect different WordPress plugins, sites and applications in a code-free way to create automated workflows. WordPress AutomatorWP plugin suffers from a SQL injection vulnerability that...

EUVD-2021-11629

Malware in sbrugna...

EUVD-2025-27224

Malicious code in bioql PyPI...

EUVD-2025-27225

Malicious code in bioql PyPI...

EUVD-2025-18321

Malicious code in bioql PyPI...

EUVD-2023-28056

Malicious code in bioql PyPI...

CVE-2025-9542

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7...

CVE-2025-9539

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwpajaximportautomationfromurl function in all versions up to, and...

CVE-2025-9539

CVE-2025-9539 involves the WordPress plugin AutomatorWP ( Automator plugin for no-code automations, webhooks & custom integrations ) with a missing authorization check in the automatorwp_ajax_import_automation_from_url function. The vulnerability allows authenticated attackers with Subscriber-lev...

CVE-2025-9539 AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation Creation

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwpajaximportautomationfromurl function in all versions up to, and...

CVE-2025-9542

Summary (CVE-2025-9542) The WordPress plugin AutomatorWP – Automator (AutomatorWP) ≤ 5.3.7 is affected by a missing capability check that lets authenticated users with Subscriber-level access or higher view and modify integration settings and automations. The vulnerability affects all versions up...

CVE-2025-5487

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the fieldconditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied...

WordPress AutomatorWP plugin <= 5.2.5 - Authenticated (Administrator+) SQL Injection via field_conditions vulnerability

Authenticated Administrator+ SQL Injection via fieldconditions vulnerability discovered by m0kr4n3 in WordPress Plugin AutomatorWP versions = 5.2.5...

PT-2025-25469 · WordPress · Automatorwp

Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress versions up to, and including, 5.2.5 Description: The AutomatorWP plugin is vulnerable to time-based SQL Injection via the field conditions...

CVE-2023-23992

Cross-Site Request Forgery CSRF vulnerability in AutomatorWP plugin = 2.5.0 leads to object delete...

CVE-2021-24717

The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions...

CVE-2024-12626

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-searchfieldvalue’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitizatio...

CVE-2023-23992

Cross-Site Request Forgery CSRF vulnerability in AutomatorWP plugin = 2.5.0 leads to object delete...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in AutomatorWP plugin = 2.5.0 leads to object delete...

CVE-2023-23992 WordPress AutomatorWP Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in AutomatorWP plugin = 2.5.0 leads to object delete...