CVE-2025-4520

Name of the Vulnerable Software and Affected Versions: Uncanny Automator plugin for WordPress versions up to, and including, 6.4.0.2

Description: The issue is related to a missing capability check on multiple AJAX functions, allowing authenticated attackers with subscriber-level permissions or above to update plugin settings. This enables unauthorized modification of data.

Recommendations: For versions up to, and including, 6.4.0.2, update to a version higher than 6.4.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX functions until a patch is available. Restrict permissions to prevent attackers with subscriber-level permissions or above from updating plugin settings.