In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation attack.
This vulnerability, discovered by security researcher mikemyers through the Wordfence Bug Bounty Program, allows authenticated attackers with subscriber-level access or higher to escalate their privileges to that of an administrator.
The vulnerability, present in Uncanny Automator versions up to and including 6.3.0.2, stems from improper capability checks in the plugin’s REST API endpoint.
This lack of validation allows attackers to manipulate user roles, potentially granting them full administrative control over affected websites.
With administrative access, attackers could upload malicious files, redirect users, or even inject spam content, leading to significant security breaches.
Wordfence, upon validating the exploit, assigned the vulnerability a high CVSS score of 8.8, highlighting its severity.
The researcher was awarded a bounty of $1,065.00 for uncovering and responsibly disclosing this issue.
Upon notification from Wordfence, the Uncanny Owl team promptly responded and released an initial patch on March 17, 2025, followed by a fully compliant update, version 6.4.0, on April 1, 2025.
This swift action underscores the importance of timely security updates in software development.
Wordfence has taken measures to protect its users from this vulnerability.
Premium, Care, and Response users received a firewall rule on March 7, 2025, to block potential exploits.
Free version users will receive similar protection on April 6, 2025, after the standard 30-day delay.
We strongly advise all users of Uncanny Automator to upgrade to the latest patched version immediately.
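The root cause the article describes, a REST API endpoint whose capability check does not actually gate the role change, is easiest to see in code. The following is an added example written for this page and is not the plugin's code: the first route registration shows the weak pattern (a `permission_callback` that lets any authenticated request through and a handler that changes the role without checking a capability), and the second shows a hardened form. The namespace `example/v1`, the route names and the parameter names are hypothetical; `register_rest_route`, `current_user_can`, `wp_roles()->is_role()` and `WP_User::set_role()` are standard WordPress APIs.

```php
<?php
/**
 * Added example (not the plugin's own code). Route names, namespace and
 * parameter names are hypothetical; the WordPress functions used are real.
 */

// WEAK PATTERN: '__return_true' means every request that reaches the endpoint
// is authorised. With cookie authentication that includes any logged-in user,
// subscribers included, and the handler never checks a capability itself.
function example_register_weak_role_route() {
    register_rest_route( 'example/v1', '/set-role', array(
        'methods'             => 'POST',
        'callback'            => 'example_set_role_unchecked',
        'permission_callback' => '__return_true',
    ) );
}

function example_set_role_unchecked( WP_REST_Request $request ) {
    $user = get_userdata( (int) $request->get_param( 'user_id' ) );
    if ( ! $user ) {
        return new WP_Error( 'not_found', 'No such user.', array( 'status' => 404 ) );
    }
    // Unvalidated role taken straight from the request and applied.
    $user->set_role( (string) $request->get_param( 'role' ) );
    return rest_ensure_response( array( 'updated' => true ) );
}

// HARDENED FORM: the permission_callback requires a real capability, the
// arguments are validated and sanitised before the handler runs, and the
// handler refuses to hand out the administrator role at all.
function example_register_hardened_role_route() {
    register_rest_route( 'example/v1', '/set-role-safe', array(
        'methods'             => 'POST',
        'callback'            => 'example_set_role_checked',
        'permission_callback' => function () {
            // Subscribers do not hold 'promote_users'; administrators do.
            return current_user_can( 'promote_users' );
        },
        'args' => array(
            'user_id' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
            'role' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    // Only roles registered on this site are acceptable.
                    return is_string( $value ) && wp_roles()->is_role( $value );
                },
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
    ) );
}

function example_set_role_checked( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $role    = (string) $request->get_param( 'role' );

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'not_found', 'No such user.', array( 'status' => 404 ) );
    }

    // Defence in depth inside the handler, independent of permission_callback:
    // the caller must be allowed to edit this specific account, and this route
    // never grants administrator (that stays a manual action in wp-admin).
    if ( ! current_user_can( 'edit_user', $user_id ) || 'administrator' === $role ) {
        return new WP_Error( 'forbidden', 'Role change not permitted.', array( 'status' => 403 ) );
    }

    $user->set_role( $role );
    return rest_ensure_response( array(
        'updated' => true,
        'user_id' => $user_id,
        'role'    => $role,
    ) );
}

// Only the hardened route is registered; the weak one is kept for comparison.
add_action( 'rest_api_init', 'example_register_hardened_role_route' );
```

Two things to check when auditing a plugin's REST routes: every `register_rest_route` call should have a `permission_callback` that tests a capability (not `__return_true`, not merely `is_user_logged_in()`), and privilege-changing handlers should re-check capability against the specific target user rather than trusting the route-level check alone. Cookie-authenticated REST requests still need the `X-WP-Nonce` header, which WordPress verifies before the `permission_callback` runs, but a nonce only proves the request came from a logged-in session, not that the session holds the right capability.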
According to the report, the cybersecurity community’s focus on identifying and patching such vulnerabilities is crucial to maintaining the integrity and security of the WordPress ecosystem, particularly in plugins with large user bases.
As the WordPress platform continues to evolve, the commitment to “defense in depth” through responsible disclosure of vulnerabilities and quick patching remains paramount.
This incident serves as a reminder of the ongoing need for vigilance and prompt action in the face of emerging cyber threats.