PT-2026-22712 · WordPress · The Uncanny Automator – Easy Automation
Lukasz Sobanski
·
Published
2026-03-03
·
Updated
2026-03-04
·
CVE-2026-2269
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin versions prior to 7.0.0.4
Description
The plugin is susceptible to Server-Side Request Forgery (SSRF). This allows authenticated attackers with Administrator-level access or higher to make web requests to arbitrary locations from the web application. This can be used to query and modify information from internal services. The plugin also stores the contents of remote files on the server, potentially enabling the upload of arbitrary files and remote code execution. The vulnerable function is
download url().Recommendations
Update The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin to version 7.0.0.4 or later.
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Uncanny Automator – Easy Automation