Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

Information

Software Type Plugin
Software Slug uncanny-automator (view on wordpress.org)
Software Status Active
Software Author uncannyowl
Software Website automatorplugin.com
Software Downloads 2,281,278
Software Active Installs 40,000
Software Record Last Updated June 18, 2026

11 Vulnerabilities

Submit a Vulnerability
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload
7.2
CVE-2026-2269
Mar 2, 2026
Researcher: lucsob
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2025-15522
Jan 22, 2026
Researcher: zaim
Uncanny Automator < 6.10.0 - Authenticated (Subscriber+) Information Exposure
4.3
CVE-2025-66056
Nov 7, 2025
Researcher: Legion Hunter
Uncanny Automator <= 6.7.0.1 - Missing Authorization
4.3
CVE-2025-58193
Aug 27, 2025
Researcher: Que Thanh Tuan - Blue Rock
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.4.0.2 - Missing Authorization
6.5
CVE-2025-48133
Jun 2, 2025
Researcher: Denver Jackson
Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function
9.1
CVE-2025-3623
May 13, 2025
Researchers: mikemyers, Gai Tanaka (63n0)
Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
5.4
CVE-2025-4520
May 9, 2025
Researcher: mikemyers
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2025-2075
Apr 3, 2025
Researcher: mikemyers
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook
5.5
CVE-2024-13838
Mar 11, 2025
Researcher: Francesco Carlucci
Uncanny Automator <= 5.1.0.2 - Sensitive Information Exposure via Log File
5.3
CVE-2023-52151
Dec 28, 2023
Researcher: Joshua Chan
Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect
5.4
CVE ID Unknown
May 24, 2023
Researchers:
Title Status CVE ID CVSS Researchers Date
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload Patched CVE-2026-2269 7.2 lucsob March 2, 2026
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2025-15522 6.4 zaim January 22, 2026
Uncanny Automator < 6.10.0 - Authenticated (Subscriber+) Information Exposure Patched CVE-2025-66056 4.3 Legion Hunter November 7, 2025
Uncanny Automator <= 6.7.0.1 - Missing Authorization Patched CVE-2025-58193 4.3 Que Thanh Tuan - Blue Rock August 27, 2025
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.4.0.2 - Missing Authorization Patched CVE-2025-48133 6.5 Denver Jackson June 2, 2025
Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function Patched CVE-2025-3623 9.1 mikemyers, Gai Tanaka (63n0) May 13, 2025
Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update Patched CVE-2025-4520 5.4 mikemyers May 9, 2025
Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation Patched CVE-2025-2075 8.8 mikemyers April 3, 2025
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook Patched CVE-2024-13838 5.5 Francesco Carlucci March 11, 2025
Uncanny Automator <= 5.1.0.2 - Sensitive Information Exposure via Log File Patched CVE-2023-52151 5.3 Joshua Chan December 28, 2023
Uncanny Automator <= 4.14 - Cross-Site Request Forgery via update_automator_connect Patched 5.4 May 24, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation