PT-2026-22712 · WordPress · The Uncanny Automator – Easy Automation

Lukasz Sobanski

·

Publicado

2026-03-03

·

Atualizado

2026-03-04

·

CVE-2026-2269

CVSS v3.1

7.2

Alta

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin versions prior to 7.0.0.4
Description The plugin is susceptible to Server-Side Request Forgery (SSRF). This allows authenticated attackers with Administrator-level access or higher to make web requests to arbitrary locations from the web application. This can be used to query and modify information from internal services. The plugin also stores the contents of remote files on the server, potentially enabling the upload of arbitrary files and remote code execution. The vulnerable function is download url().
Recommendations Update The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin to version 7.0.0.4 or later.

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2026-2269

Produtos afetados

The Uncanny Automator – Easy Automation