cbcvebase.
CVE-2025-2075
published 2025-04-04

CVE-2025-2075: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up…

Priority: P1 81 high
CVSS 3.1 base score: 8.8 (AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
Exploit status: ITW EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 2.25% (80.7th percentile)
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.

Affected (1 range)

Vendor        Product             Version range   Fixed in
uncannyowl    uncanny_automator   < 6.4           6.4

Detection & IOCs (extracted from sources)

Sigma rule (fragment):
title: Uncanny Automator Privilege Escalation - CVE-2025-2075
condition: and

  • The vulnerability exists in the add_role() and user_role() REST API functions, which lack proper capability checks via validate_rest_call(). Monitor for unauthenticated or low-privileged REST API calls to these endpoints that result in a user role being set to 'administrator'.
  • Flag any REST API requests that modify user roles to 'administrator' originating from unauthenticated or low-privileged sessions on WordPress sites running Uncanny Automator <= 6.3.0.2.
  • The Sigma rule fragment references 'Uncanny Automator Select {{username}}' as a detection pattern, suggesting log entries or payloads containing this string may be indicative of exploitation attempts.
  • Privilege escalation requires the target to have an existing (active) account on the site — purely unauthenticated account creation is NOT possible; the attacker must already have a valid low-privileged account.
  • All versions up to and including 6.3.0.2 of the Uncanny Automator WordPress plugin are affected. Ensure detection/patching scope covers this full version range.

CVSS provenance

Source       Version   Score   Severity   Vector
nvd          v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck              8.8     HIGH