CVE-2021-24717

Name of the Vulnerable Software and Affected Versions AutomatorWP WordPress plugin versions prior to 1.7.6

Description The issue allows users with Subscriber roles to enumerate automations, disclose titles of private posts or user emails, call functions, or perform privilege escalation via Ajax actions due to the lack of capability checks.

Recommendations For versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to Ajax actions for users with Subscriber roles until the update is applied.