Unrated severityNVD Advisory· Published May 14, 2025· Updated Apr 8, 2026
Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
CVE-2025-4520
Description
The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=6.4.0.2
- uncannyowl/Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Pluginv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.