VulnerAlert



WORDPRESS
09-09-2025 04:20

CVE-2025-9539 Documented vulnerability

8.0 HIGH
Tags
#wordpress
#plugin
#data
#wp
#web
#admin
#attackers
#authenticated
#arbitrary
#vulnerable
#remote
#privilege escalation
#privilege
#execution
#attack
#access
#unauthorized
Description
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_from_url function in all versions up to, and including, 5.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary automations, which can lead to Remote Code Execution or Privilege escalation once such an automation is activated by an administrator.
https://plugins.trac.wordpress.org/browser/automatorwp/tags/5.3.6/includes/admin/pages/import-automation.php#L386
https://www.wordfence.com/threat-intel/vulnerabilities/id/9efa04ca-68c8-4221-a3d9-cf75010d2266?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-9539
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023