WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress Security Bypass (1.7.5) - Vulnerability Database

WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress Security Bypass (1.7.5)

Description

WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently enumerate automations, disclose title of private posts or user emails, call functions, or escalate their privileges via Ajax actions. WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress version 1.7.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.7.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:5916EA42-EB33-463D-8528-2A142805C91F

https://plugins.svn.wordpress.org/automatorwp/trunk/changelog.txt

Related Vulnerabilities

Severity

High

Classification

CVE-2021-24717

CWE-863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N