5 matches found
CVE-2025-5487
The CVE-2025-5487 entry covers AutomatorWP (WordPress) with a time-based SQL Injection via the field_conditions parameter. Root cause is insufficient escaping and poor SQL query preparation, allowing authenticated Administrators (and higher) to append queries to extract data. Connected patches in...
CVE-2025-48280
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through <= 5.2.1.3...
CVE-2025-48280 WordPress AutomatorWP <= 5.2.1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3...
CVE-2024-12626
The CVE-2024-12626 entry concerns the WordPress plugin AutomatorWP (Automator plugin) versions up to and including 5.0.9. A Reflected Cross-Site Scripting (XSS) flaw exists in the a-0-o-search_field_value parameter due to insufficient input sanitization and output escaping, allowing unauthenticat...
CVE-2024-12626 AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitizatio...