Description
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.
Published: 2025-04-04
Score: 8.8 High
EPSS: 26.3% Moderate
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Uncanny Automator plugin for WordPress contains a vulnerability tied to missing capability checks in the add_role() and user_role() functions. Because the validate_rest_call() routine does not verify the caller’s authority, an authenticated user can change any other user’s role to administrator. This allows an attacker who already holds an account — for example a subscriber or contributor — to elevate privileges to full site ownership, compromising confidentiality, integrity and availability of the WordPress installation. The weakness is a classic authorization failure (CWE-862).
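As an added illustration, not the plugin's code and not part of the OpenCVE analysis, this is the authorization pattern WordPress provides for a role-changing REST endpoint: a permission_callback that requires the caller to hold the capability governing role changes, re-checked in the handler. The route namespace, handler name and parameter names are assumptions for the example.

```php
<?php
// Added example (not Uncanny Automator's code): a REST route that changes a
// user's role, with the capability check whose absence is the CWE-862 failure
// described above. Namespace, route and parameter names are assumptions.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/user-role', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_set_user_role',
        // WordPress evaluates this before the callback runs. An always-true or
        // missing permission_callback lets any authenticated caller through.
        'permission_callback' => function ( WP_REST_Request $request ) {
            return current_user_can( 'promote_users' )
                && current_user_can( 'edit_user', (int) $request['user_id'] );
        },
        'args' => array(
            'user_id' => array( 'required' => true, 'type' => 'integer',
                                 'sanitize_callback' => 'absint' ),
            'role'    => array( 'required' => true, 'type' => 'string',
                                 'sanitize_callback' => 'sanitize_key' ),
        ),
    ) );
} );

function example_set_user_role( WP_REST_Request $request ) {
    $user_id = (int) $request['user_id'];
    $role    = $request['role'];

    // Defence in depth: repeat the check in the handler so the route stays safe
    // if it is ever invoked through a path that bypasses permission_callback.
    if ( ! current_user_can( 'promote_users' ) || ! current_user_can( 'edit_user', $user_id ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient privileges.', array( 'status' => 403 ) );
    }
    // Reject role names that do not exist on this site.
    if ( ! wp_roles()->is_role( $role ) ) {
        return new WP_Error( 'rest_invalid_role', 'Role is not assignable.', array( 'status' => 400 ) );
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'rest_user_invalid_id', 'Unknown user.', array( 'status' => 404 ) );
    }
    $user->set_role( $role );
    return rest_ensure_response( array( 'user_id' => $user_id, 'role' => $role ) );
}
```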

Affected Systems

Versions of the Uncanny Automator plugin up to and including 6.3.0.2 are affected. The vulnerability impact spans all installations of Uncanny Owl’s Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress that have not yet been updated beyond that version.

Risk and Exploitability

The CVSS score of 8.8 classifies this flaw as high severity, and the EPSS of 26% indicates it is considered likely to be exploited. While lacking a KEV listing, the vulnerability is reachable through normal authentication mechanisms; an attacker must possess a valid account but can then change roles of any user. Successful exploitation grants full administrator control of the site, enabling data exfiltration, site defacement, and further attacks against connected services.

Generated by OpenCVE AI on April 21, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Uncanny Automator to a version newer than 6.3.0.2 as released by Uncanny Owl.
  • Audit the current user roles on the site to ensure no unrelated accounts hold administrator privileges.
  • Configure the server or web application firewall to block or monitor calls to the add_role() and user_role() endpoints until the patch is applied.

Advisories

No advisories yet.

History

Fri, 08 Aug 2025 20:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Uncannyowl; Uncannyowl uncanny Automator
CPEs                                  cpe:2.3:a:uncannyowl:uncanny_automator:*:*:*:*:*:wordpress:*:*
Vendors & Products                    Uncannyowl; Uncannyowl uncanny Automator

Wed, 16 Jul 2025 13:45:00 +0000

Type      Values Removed            Values Added
Metrics   epss {'score': 0.12026}   epss {'score': 0.13305}


Fri, 04 Apr 2025 21:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 04:30:00 +0000

Type          Values Removed   Values Added
Description                    The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.
Title                          Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Weaknesses                     CWE-862
References
Metrics                        cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:04:52.226Z

Reserved: 2025-03-06T21:25:13.790Z

Link: CVE-2025-2075

Vulnrichment

Updated: 2025-04-04T14:26:50.432Z

NVD

Status: Analyzed

Published: 2025-04-04T05:15:45.400

Modified: 2025-08-08T20:07:37.347

Link: CVE-2025-2075

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T21:30:45Z

Weaknesses