CVE-2025-15522

Name of the Vulnerable Software and Affected Versions The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin versions through 6.10.0.2

Description The Uncanny Automator plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping on the verified message parameter within the automator discord user mapping shortcode. Authenticated attackers with Contributor-level access or higher can inject malicious web scripts into pages. These scripts will execute when a user with a verified Discord account accesses the affected page.

Recommendations Update The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin to a version later than 6.10.0.2.