Uncanny Automator Security Vulnerabilities and Issues — Uncanny Automator CVE List

Lucene search

UncannyowlUncanny Automator

9 matches found

CVE•added 2025/04/04 5:15 a.m.•58 views

CVE-2025-2075

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the vali...

8.8CVSS7AI score0.1315EPSS

CVE•added 2024/06/21 2:15 p.m.•47 views

CVE-2024-37118

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.

8.8CVSS7AI score0.00094EPSS

CVE•added 2025/06/05 9:15 p.m.•42 views

CVE-2025-48133

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.

9.8CVSS6.5AI score0.00062EPSS

CVE•added 2024/11/01 3:15 p.m.•39 views

CVE-2024-37119

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0.

9.8CVSS5.3AI score0.00388EPSS

CVE•added 2024/07/22 10:15 a.m.•37 views

CVE-2024-37117

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS.This issue affects Uncanny Automator Pro: from n/a through 5.3.

7.1CVSS7AI score0.00127EPSS

CVE•added 2025/05/14 3:15 a.m.•37 views

CVE-2025-3623

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticated to inject a PHP Object. The additional pre...

9.1CVSS8.2AI score0.00141EPSS

CVE•added 2025/03/12 7:15 a.m.•35 views

CVE-2024-13838

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authentic...

5.5CVSS5.3AI score0.00037EPSS

CVE•added 2025/05/14 3:15 a.m.•35 views

CVE-2025-4520

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to upd...

5.4CVSS5.2AI score0.00032EPSS

CVE•added 2024/01/05 11:15 a.m.•29 views

CVE-2023-52151

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin.This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and inte...

5.3CVSS5.6AI score0.00148EPSS