CVE-2025-2075

Published Apr 4, 2025

Last updated 2 days ago

CVSS high 8.8

Overview

Description
The Uncanny Automator โ€“ Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-862

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. ๐Ÿšจ CVE-2025-2075 ๐Ÿ”ด HIGH (8.8) ๐Ÿข uncannyowl - Uncanny Automator โ€“ Easy Automation, Integration, Webhooks & Workflow Builder Plugin ๐Ÿ—๏ธ * ๐Ÿ”— https://t.co/sfwVHHL6H0 ๐Ÿ”— https://t.co/GGrsuDZ8CY ๐Ÿ”— https://t.co/7Dm4avr0kD #CyberCron #VulnAlert #InfoSec https://t.co/D5a1JzfGut

    @cybercronai

    4 Apr 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-2075 The Uncanny Automator โ€“ Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and โ€ฆ https://t.co/m6juLrVVdW

    @CVEnew

    4 Apr 2025

    124 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ๐Ÿšจ HIGH Uncanny Automator โ€“ Easy Automation, Integration, Webhooks & Workflow Builder Plugin Vulnerability (CVE-2025-2075) ๐Ÿšจ Uncanny Automator โ€“ Easy Automation, Integration, Webhooks & Workflow Builder Plugin (3.1) has a CWE-862 Missing Authorization flaw. Attackers

    @SecurtyRating

    4 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-2075: HIGH] WordPress plugin "Uncanny Automator" up to v6.3.0.2 is vulnerable to Privilege Escalation due to missing capability checks, enabling attackers to grant administrator access to arbitrary users.#cybersecurity,#vulnerability https://t.co/U4UjYnLXOd https://t.co

    @CveFindCom

    4 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References