PT-2025-14835 · WordPress · Uncanny Automator

Michael Mazzolini · Published 2025-04-04 · Updated 2025-08-08

CVE-2025-2075 · CVSS v3.1 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress, versions up to and including 6.3.0.2

Description: The add_role() and user_role() functions lack a proper capability check. The check is delegated to validate_rest_call(), which does not verify that the caller is permitted to change user roles. An authenticated attacker holding any active account on the site (PR:L in the vector) can therefore set the role of arbitrary users, including the attacker's own account, to administrator and gain full control of the site.
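The weakness class described above, as an added illustration that is not Uncanny Automator's code: a WordPress REST route whose permission callback (a stand-in for a function like validate_rest_call()) only confirms that someone is logged in, next to a hardened version that requires the capability WordPress itself demands for role changes and re-checks the target user and role inside the handler. The route, the `example_*` function names and the request parameters are assumptions for the illustration.

```php
<?php
// Added illustration of the weakness class in this advisory; this is not
// Uncanny Automator's code. Route, function and parameter names are assumed.

// Weak pattern: the permission callback only establishes that the caller is
// logged in, so any account on the site can reach a role-changing handler.
function example_weak_permission( WP_REST_Request $request ) {
    return is_user_logged_in();
}

// Hardened pattern: require the capability WordPress uses for role changes.
// Cookie-authenticated REST calls already need a valid wp_rest nonce (without
// one the caller is treated as logged out), so the capability check is the
// part that was missing.
function example_hardened_permission( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'Authentication required.', array( 'status' => 401 ) );
    }
    if ( ! current_user_can( 'promote_users' ) ) {
        return new WP_Error( 'rest_forbidden', 'You are not allowed to change user roles.', array( 'status' => 403 ) );
    }
    return true;
}

// The handler re-checks authorization against the specific target and role,
// so a caller cannot hand out a role they could not assign through wp-admin.
function example_set_role_handler( WP_REST_Request $request ) {
    $user_id = (int) $request['user_id'];
    $role    = sanitize_key( $request['role'] );

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'rest_user_invalid_id', 'Unknown user.', array( 'status' => 404 ) );
    }
    // Per-user meta capability; core maps promote_user to promote_users.
    if ( ! current_user_can( 'promote_user', $user_id ) ) {
        return new WP_Error( 'rest_forbidden', 'Cannot change this user\'s role.', array( 'status' => 403 ) );
    }
    // get_editable_roles() applies the editable_roles filter, which lets
    // core and plugins withhold roles (such as administrator) from a caller.
    if ( ! function_exists( 'get_editable_roles' ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
    }
    if ( ! array_key_exists( $role, get_editable_roles() ) ) {
        return new WP_Error( 'rest_invalid_role', 'Role is not assignable by the current user.', array( 'status' => 403 ) );
    }

    $user->set_role( $role );
    return rest_ensure_response( array( 'user_id' => $user_id, 'roles' => $user->roles ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/set-role', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_set_role_handler',
        // Swapping in 'example_weak_permission' here reproduces the
        // missing-authorization pattern the advisory describes.
        'permission_callback' => 'example_hardened_permission',
        'args'                => array(
            'user_id' => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
            'role'    => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );
```

The design point is that a permission callback answering only "is the caller authenticated?" is authentication, not authorization: for an action that changes roles, the callback must ask for promote_users, and the handler must still validate the particular target and role, because the capability alone does not say which roles this caller may grant.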
Recommendations: Update the plugin as soon as a release that fixes this issue is available. Until then, on versions up to and including 6.3.0.2, disable the add_role() and user_role() actions, restrict the REST endpoints served through validate_rest_call() to users who are allowed to manage roles, and do not use these two actions in automations.
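A temporary compensating control for the recommendations above, as an added example that is not part of this advisory or of the plugin: a must-use plugin that hooks the WordPress core actions fired whenever a role is set (`set_user_role`) or added (`add_user_role`), logs any promotion to administrator made by a caller without promote_users, and reverts it. The `rcg_*` function name, the WP-CLI and cron exemption, and the log format are assumptions; the two hook names and their arguments are core WordPress.

```php
<?php
/**
 * Plugin Name: Role-change guard (added illustration, not part of Uncanny Automator)
 * Description: Logs and reverts promotions to administrator made by a caller
 *              without promote_users. Place in wp-content/mu-plugins/ as a
 *              stopgap until the affected plugin is updated.
 */

// Runs for set_user_role( $user_id, $role, $old_roles ) and for
// add_user_role( $user_id, $role ); $old_roles is absent for the latter.
function rcg_guard_role_change( $user_id, $role, $old_roles = array() ) {
    static $reverting = false;

    if ( $reverting || 'administrator' !== $role ) {
        return;
    }
    // Assumed exemption: WP-CLI and cron run without a logged-in user, so
    // operator tooling would otherwise always fail the capability check.
    if ( ( defined( 'WP_CLI' ) && WP_CLI ) || wp_doing_cron() ) {
        return;
    }
    if ( current_user_can( 'promote_users' ) ) {
        return; // a legitimate administrative action
    }

    // Detection signal: grep the PHP error log for "role-change-guard".
    error_log( sprintf(
        'role-change-guard: user %d promoted to administrator via %s by actor %d (%s); reverting',
        $user_id,
        current_action(),
        get_current_user_id(),
        isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '-'
    ) );

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }

    // remove_role() fires remove_user_role only; add_role() fires
    // add_user_role again, which the static flag tells us to ignore.
    $reverting = true;
    $user->remove_role( 'administrator' );
    if ( empty( $user->roles ) ) {
        // set_role() replaced the previous roles; put them back.
        foreach ( (array) $old_roles as $previous ) {
            $user->add_role( $previous );
        }
    }
    $reverting = false;
}
add_action( 'set_user_role', 'rcg_guard_role_change', 10, 3 );
add_action( 'add_user_role', 'rcg_guard_role_change', 10, 2 );
```

Because core's set_role() fires add_user_role before set_user_role, a single promotion can trigger the guard twice; the first pass strips the administrator role and the second, which carries $old_roles, restores the previous ones. This is a stopgap, not a fix: it reacts after the role has been written, and a caller who already reached a role-changing code path has demonstrated the missing authorization this advisory describes, so the error-log entries should be treated as an indicator to investigate, and the plugin should still be updated.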

Fix

LPE

Missing Authorization


Weakness Enumeration

Related Identifiers: CVE-2025-2075

Affected Products: Uncanny Automator