WordPress Automatic Plugin - Unauthenticated Options Change

WordPress Automatic Plugin versions 3.53.2 and below contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses updateoption on all POST parameters without authentication or capability...

Exploit for SQL Injection in Valvepress Automatic

This is a PoC exploit for CVE-2024-27956, a vulnerability in the...

EUVD-2025-25809

Malicious code in bioql PyPI...

CVE-2025-6247

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

CVE-2025-6247

CVE-2025-6247 affects the WordPress Automatic Plugin for WordPress (

CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

WordPress plugin WordPress Automatic Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-34750 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions prior to 3.118.0 Description: The WordPress Automatic Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of its functions. This allows...

CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to...

WordPress plugin WordPress Automatic Plugin 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-25182 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions up to 3.115.0 Description: The WordPress Automatic Plugin is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file. This allows authenticated attackers with...

WordPress Automatic plugin <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via autoplay Parameter vulnerability discovered by haidv35 in WordPress Plugin Automatic versions = 3.94.0...

WordPress Automatic Plugin <= 3.94.0 is vulnerable to Cross Site Scripting (XSS)

Software Automatic Type Plugin Vulnerable versions = 3.94.0 Fixed in 3.95.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4849 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c71dc29444f6 Credits haidv35 Required privilege...

CVE-2024-4849

CVE-2024-4849 (WordPress Automatic Plugin) is a Stored XSS in the WordPress Automatic Plugin for WordPress, affecting all versions up to 3.94.0 due to insufficient input sanitization and output escaping in the autoplay parameter. Exploitation requires authenticated access at Contributor level or ...

PT-2024-33126 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin plugin for WordPress versions up to, and including, 3.94.0 Description: The issue is related to Stored Cross-Site Scripting via the autoplay parameter due to insufficient input sanitization and output escaping. This...

WordPress Automatic < 3.95.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

The vulnerability in the `inc/csv.php` script of the WordPress Automatic Plugin, a content management system for WordPress websites, allows attackers to execute arbitrary SQL code.

The vulnerability in the inc/csv.php script of the WordPress Automatic Plugin, a content management system for WordPress websites, relates to the failure to protect the SQL query structure during the processing of the $q variable, as a result of the authentication mechanism being bypassed...

The vulnerability of the WordPress Automatic Plugin, a content management system plugin for WordPress, allows attackers to increase their privileges.

The vulnerability of the WordPress Automatic Plugin, a content management system for WordPress websites, is related to the falsification of cross-site requests due to incorrect validation of the value of the one-time code nonce. Exploiting this vulnerability can allow a malicious actor to enhance...

VulnCheck KEV: CVE-2024-27954

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...