CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

May 14, 2025

CVE ID : CVE-2025-4520

Published : May 14, 2025, 3:15 a.m. | 3 hours, 40 minutes ago

Description : The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47891 – Apache Struts Command Injection

Next Article CVE-2025-0020 – ArcGIS OAuth 2.0 API Authentication Privilege Abuse Vulnerability

Highlights

CVE-2025-5590 – WordPress Owl Carousel SQL Injection Vulnerability

June 26, 2025

CVE ID : CVE-2025-5590

Published : June 26, 2025, 2:15 a.m. | 3 hours, 44 minutes ago

Description : The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

With Gears of War: Reloaded on the way, which Xbox 360 game would you like to see get rebuilt next? — Weekend discussion 💬

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

With Gears of War: Reloaded on the way, which Xbox 360 game would you like to see get rebuilt next? — Weekend discussion 💬

With Gears of War: Reloaded on the way, which Xbox 360 game would you like to see get rebuilt next? — Weekend discussion 💬

Jasmine – web launcher and session management application

Schulrechner – calculator you know from school

CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Learn Laravel by Building a Medium Clone

South African man imprisoned after ransom demand against his former employer

Understanding Font Families

Outlook’s classic yellow icon is back… at least unofficially

CVE-2025-5590 – WordPress Owl Carousel SQL Injection Vulnerability

3 Questions: Visualizing research in the age of AI

CVE-2025-32965: Backdoor in xrpl.js SDK Puts Crypto Wallets at Risk

CVE-2025-2759 – GStreamer Privilege Escalation Vulnerability

CVE-2025-4520 – Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

Related Posts