CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

May 14, 2025

CVE ID : CVE-2025-4520

Published : May 14, 2025, 3:15 a.m. | 3 hours, 40 minutes ago

Description : The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47891 – Apache Struts Command Injection

Next Article CVE-2025-0020 – ArcGIS OAuth 2.0 API Authentication Privilege Abuse Vulnerability

Highlights

CVE-2025-7113 – Portabilis i-Educar Cross-Site Scripting Vulnerability

July 7, 2025

CVE ID : CVE-2025-7113

Published : July 7, 2025, 5:15 a.m. | 1 hour, 7 minutes ago

Description : A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Designer Spotlight: Clarisse Michard

Covering hidden=until-found

A Few Things About the Anchor Element’s href You Might Not Have Known

Error’d: Abort, Cancel, Fail?

How to install OpenReports — IoT platform

How to install OpenReports — IoT platform

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

Chrome soon makes it easier to recall your tab groups and run AI Mode from the address bar

Chrome soon makes it easier to recall your tab groups and run AI Mode from the address bar

How to Change Primary Monitor: A Surprisingly Simple Shift

Reddit Fix: Your request has been blocked due to network policy reddit

CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

CVE-2025-8342 – WooCommerce OTP Login With Phone Number Authentication Bypass Vulnerability

CVE-2025-9006 – Tenda CH22 Buffer Overflow Vulnerability

Generative AI and privacy are best frenemies – a new study ranks the best and worst offenders

Benchmarking the ASRock Industrial NUC BOX-255H

My Journey to NASA’s Hall of Fame

CVE-2025-3605 – WordPress Frontend Login and Registration Blocks Privilege Escalation Vulnerability

CVE-2025-7113 – Portabilis i-Educar Cross-Site Scripting Vulnerability

Flutter Web Hot Reload Has Landed – No More Refreshes!

CVE-2025-28021 – TOTOLINK A810R Buffer Overflow Vulnerability

StepFun Introduces Step-Audio-AQAA: A Fully End-to-End Audio Language Model for Natural Voice Interaction

CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

Related Posts