PT-2025-36578 · WordPress · Automatorwp

Matthew Rollings · Published 2025-09-09 · Updated 2025-09-09 · CVE-2025-9539

CVSS v3.1: 8.0 High
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for WordPress versions prior to 5.3.7
Description: The AutomatorWP – Automator plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check on the automatorwp_ajax_import_automation_from_url function. This allows authenticated attackers with Subscriber-level access or higher to create arbitrary automations, potentially leading to remote code execution or privilege escalation when activated by an administrator.
Recommendations: Update AutomatorWP – Automator plugin for WordPress to version 5.3.7 or later.

Fix · LPE · RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-9539

Affected Products: Automatorwp