On March 5th, 2025, we received a submission for an Arbitrary File Upload vulnerability in Uncanny Automator, a WordPress plugin with more than 50,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to grant themselves administrative privileges by updating the user role.
The post 50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence