CVE-2025-2075
Published 2025-04-04
CVE-2025-2075: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2.
Priority: P1 (81) · Severity: high · CVSS 3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Tags: in the wild · exploit · VulnCheck KEV
Exploited in the wild
EPSS: 2.25% (80.7th percentile)
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uncannyowl | uncanny_automator | < 6.4 | 6.4 |
Detection & IOCs (extracted from sources)
Sigma rule fragment:
title: Uncanny Automator Privilege Escalation - CVE-2025-2075
condition: and
Detection notes from the indexed sources:
- The vulnerability exists in the add_role() and user_role() REST API functions, which lack proper capability checks via validate_rest_call(). Monitor for unauthenticated or low-privileged REST API calls to these endpoints that result in a user role being set to 'administrator'.
- Flag any REST API requests that modify user roles to 'administrator' originating from unauthenticated or low-privileged sessions on WordPress sites running Uncanny Automator <= 6.3.0.2.
- The Sigma rule fragment references 'Uncanny Automator Select {{username}}' as a detection pattern, suggesting that log entries or payloads containing this string may indicate exploitation attempts.
- Privilege escalation requires the target to have an existing (active) account on the site; purely unauthenticated account creation is NOT possible, so the attacker must already hold a valid low-privileged account.
- All versions up to and including 6.3.0.2 of the Uncanny Automator WordPress plugin are affected. Ensure detection and patching scope covers this full version range.
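The detection notes above amount to one rule: a state-changing WordPress REST request that sets a user's role to administrator, issued by an unauthenticated or non-administrator session, should be flagged. The following script is an added example (not code from this page, the plugin, or its vendor) that applies that rule to constructed JSON access-log records. The REST route (/wp-json/example-plugin/v1/user-role), the log-record format, and the role parameter names (role, user_role, new_role) are assumptions; the real request shape of the vulnerable add_role() and user_role() endpoints is not given on this page, so adapt those constants to what your WAF or application log actually records.

```python
"""Flag WordPress REST calls that set a user role to 'administrator' from an
unauthenticated or low-privileged session (detection heuristic for the class
of bug described in CVE-2025-2075). All sample data below is constructed."""
import json
from dataclasses import dataclass
from typing import List, Optional

# Roles that are expected to change other users' roles; anything else is
# treated as low-privileged for the purpose of this heuristic.
PRIVILEGED_ROLES = {"administrator"}
# ASSUMED parameter names that might carry the target role; the page does not
# document the vulnerable endpoints' request shape.
ROLE_PARAM_NAMES = {"role", "user_role", "new_role"}
# Only state-changing methods can perform a role change.
MUTATING_METHODS = {"POST", "PUT", "PATCH"}


@dataclass
class RestEvent:
    ts: str
    actor: Optional[str]        # None means the request was unauthenticated
    actor_role: Optional[str]   # None when there is no session at all
    method: str
    path: str
    body: dict


def parse_event(line: str) -> RestEvent:
    """Parse one JSON log record (constructed format) into a RestEvent."""
    rec = json.loads(line)
    return RestEvent(
        ts=rec["ts"],
        actor=rec.get("user"),
        actor_role=rec.get("user_role"),
        method=rec["method"].upper(),
        path=rec["path"],
        body=rec.get("body") or {},
    )


def sets_admin_role(body: dict) -> bool:
    """True when any known role parameter in the body asks for 'administrator'."""
    return any(
        k.lower() in ROLE_PARAM_NAMES and str(v).lower() == "administrator"
        for k, v in body.items()
    )


def flag_role_escalations(events: List[RestEvent]) -> List[dict]:
    """Return one finding per REST request that promotes a user to
    administrator without coming from an administrator session."""
    findings = []
    for e in events:
        if not e.path.startswith("/wp-json/") or e.method not in MUTATING_METHODS:
            continue                      # not a mutating WordPress REST call
        if not sets_admin_role(e.body):
            continue                      # role change, but not to administrator
        if e.actor_role in PRIVILEGED_ROLES:
            continue                      # an administrator promoting someone is expected
        findings.append({
            "ts": e.ts,
            "actor": e.actor or "<unauthenticated>",
            "actor_role": e.actor_role or "<none>",
            "path": e.path,
            "target": e.body.get("user_id", e.body.get("user")),
        })
    return findings


# Constructed sample log: two events should be flagged (subscriber 'bob' and an
# unauthenticated caller), the administrator 'alice', the non-admin role change
# and the GET request should not.
SAMPLE_LOG = """
{"ts":"2025-04-05T10:00:01Z","user":"bob","user_role":"subscriber","method":"POST","path":"/wp-json/example-plugin/v1/user-role","body":{"user_id":7,"role":"administrator"}}
{"ts":"2025-04-05T10:00:05Z","user":"alice","user_role":"administrator","method":"POST","path":"/wp-json/example-plugin/v1/user-role","body":{"user_id":9,"role":"administrator"}}
{"ts":"2025-04-05T10:00:09Z","user":null,"user_role":null,"method":"POST","path":"/wp-json/example-plugin/v1/user-role","body":{"user_id":7,"role":"administrator"}}
{"ts":"2025-04-05T10:00:12Z","user":"bob","user_role":"subscriber","method":"POST","path":"/wp-json/example-plugin/v1/user-role","body":{"user_id":7,"role":"editor"}}
{"ts":"2025-04-05T10:00:15Z","user":"bob","user_role":"subscriber","method":"GET","path":"/wp-json/wp/v2/users/me","body":{}}
"""


def run_sample() -> List[dict]:
    events = [parse_event(l) for l in SAMPLE_LOG.strip().splitlines() if l.strip()]
    return flag_role_escalations(events)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The heuristic keys on the request body rather than on the plugin's route, so it also catches other role-setting endpoints that skip a capability check; to cut noise on a busy site, narrow the path check to the plugin namespace once you have confirmed it from your own logs. A finding is a lead, not proof: confirm by checking the target account's role after the request.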
CVSS provenance
- NVD: v3.1 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- VulnCheck: 8.8 HIGH
GHSA
GHSA-4j95-6ppr-m85x · ghsa_unreviewed · 2025-04-04 · CVE-2025-2075 [HIGH] · CWE-862
Advisory text: identical to the description above.
VulnCheck
CVE-2025-2075 [HIGH] uncannyowl uncanny_automator Missing Authorization · vulncheck · 2025 · CVSS 8.8
Advisory text: identical to the description above.
Affected: uncannyowl uncanny_automator
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if re
No detection rules found.
Nuclei
CVE-2025-2075 [HIGH] Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation · nuclei · CVSS 8.8
Template fragment (as indexed):
Uncanny Automator Select {{username}}<'
condition: and
# digest: 4a0a00473045022100c48c6688e63ae2ce47a315783917cd20cc377841f9f14c0146f0cbfacd6ca6da02205a061dd137c68958319038dc7fc8e9f6e00b6485e7e4460af8a6deaa947828ca:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
References
- https://plugins.trac.wordpress.org/changeset/3257300/uncanny-automator/trunk/src/core/classes/class-background-actions.php
- https://plugins.trac.wordpress.org/changeset/3265280/uncanny-automator/trunk/src/core/classes/class-background-actions.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6?source=cve
Timeline: 2025-04-04 published · exploited in the wild