CVE-2025-3623 - WordPress Uncanny Automator PHP Object Injection Vulnerability

CVE ID : CVE-2025-3623

Published : May 14, 2025, 3:15 a.m. | 39 minutes ago

Description : The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

How to click on the list when it said the list has no attribute “click”?

July 1, 2024

from selenium import webdriver
import time
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
import random
import select

driver = webdriver.Chrome(‘ChromeDriver’)
driver.get(“https://devbusiness.tunai.io/login”)
time.sleep(2)
driver.maximize_window()

#log in credentials
username = driver.find_element(By.NAME, “loginUsername”);
username.send_keys(“dayon@tunai”);

password = driver.find_element(By.NAME, “loginPassword”);
password.send_keys(“12341234″);

login = driver.find_element(By.XPATH,”//*[@id=’app’]/div/div/div/div/div/div[2]/form/div[4]/button”);
login.submit();
time.sleep(3)

driver.get(“https://devbusiness.tunai.io/dashboard/my_salon_user”)
time.sleep(3)

randomUsername = random.choice([“dayon.salon3@tunai”,”dayonmanager@tunai”,”Dayon.der@tunai”])
driver.find_element(By.XPATH, “//tbody[@role=’rowgroup’]/tr[@role=’row’]/td/a[text()='”+ randomUsername +”‘]”).click()
print(“Username selected: “, randomUsername)
time.sleep(5)

driver.find_element(By.XPATH,”//*[@id=’page-content’]/div/div[3]/div/div[2]/div/div/div[2]/div/div[1]/header/a”).click()
time.sleep(5)

# Get the list of elements
elements = driver.find_elements(By.CLASS_NAME,’custom-control-input’)

# Select a random element from the list
random_element = random.choice(elements)
driver.execute_script(“arguments[0].click();”, random_element)

# Click on the selected element
random_element.click()
print(“Element selected: “, random_element)
time.sleep(5)

driver.find_element(By.XPATH,”//*[@id=’accKey’]”).click()
time.sleep(5)

I’ve been add “argument.click[]”,”webdriver wait until EC to be clickable” but still showing “Element not intractable. What would be the other possible solution? Hope someone could clarify for me. Thanks and have a nice day.

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2025-3623 – WordPress Uncanny Automator PHP Object Injection Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

Itâ€™s Time To Talk AboutÂ â€œCSS5â€

New Vulnerabilities in Fortinet, SonicWall, and Grafana Pose Significant Risks

Telangana Police in India Recover, Return $10.13 Billion to Cybercrime Victims in 2024

Microsoft explains why it’s killing off Microsoft 365 VPN Defender on Windows 11, Android, iOS

How to click on the list when it said the list has no attribute “click”?

Lan Mouse – mouse and keyboard sharing via LAN

Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10)

CVE-2025-3623 – WordPress Uncanny Automator PHP Object Injection Vulnerability

Related Posts