Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Over 50000 WordPress Sites Exposed by Flaw

April 7, 2025
Reading Time: 2 mins read
in Alerts
Dell Releases Update for Critical DD OS Flaw

A critical privilege escalation vulnerability was recently discovered in the Uncanny Automator plugin used by over 50,000 WordPress websites. Identified by security researcher mikemyers, the vulnerability allows authenticated attackers to escalate privileges from subscriber-level access to administrator rights. This flaw is found in Uncanny Automator versions up to and including 6.3.0.2, where improper capability checks in the plugin’s REST API endpoint fail to validate user roles. As a result, attackers can gain full administrative control over affected sites, putting them at risk of malicious file uploads, user redirects, or content injection.

The vulnerability, assigned a high CVSS score of 8.8 by Wordfence, was validated by the company’s team after mikemyers responsibly disclosed it.

The researcher was awarded a bounty of $1,065 for identifying and reporting the issue. The flaw’s impact is significant, as an attacker with administrator privileges could cause major disruptions to website operations. Attackers could manipulate user roles and inject malicious content, leading to potential security breaches that compromise website integrity and user trust.

In response, the Uncanny Owl team released a patch on March 17, 2025, followed by a fully compliant update to version 6.4.0 on April 1, 2025.

Wordfence also took immediate action by implementing a firewall rule for premium users on March 7, 2025, to block potential exploits. Users of the free version received the protection rule on April 6, 2025, after the standard 30-day delay. The quick response underscores the importance of timely software updates and the role of the cybersecurity community in mitigating emerging threats.

This incident highlights the ongoing importance of vigilance in securing WordPress websites, particularly in widely-used plugins. The security community’s commitment to responsible vulnerability disclosure and fast patching is vital for maintaining the platform’s ecosystem security. Website owners are strongly advised to upgrade to the latest patched version to protect against this critical attack. The incident serves as a reminder of the need for continuous defense in depth against evolving cyber threats.

Reference:
  • Dell Issues Critical Security Update for PowerProtect Data Domain OS Vulnerability
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

Oracle Issues Urgent E Business Suite Fix

Google And Mandiant Uncover Oracle Hack

October 14, 2025
Oracle Issues Urgent E Business Suite Fix

Unverified COTS Hardware Risks Satellites

October 14, 2025
Oracle Issues Urgent E Business Suite Fix

Oracle Issues Urgent E Business Suite Fix

October 14, 2025
Extortion Group Leaks Salesforce Data

Malicious Npm Packages Used In Phishing

October 13, 2025
Extortion Group Leaks Salesforce Data

Fake Inflation Refund Text Scam Hits NY

October 13, 2025
Extortion Group Leaks Salesforce Data

Rust Malware ChaosBot Exploits Discord

October 13, 2025

Latest Alerts

Google And Mandiant Uncover Oracle Hack

Unverified COTS Hardware Risks Satellites

Oracle Issues Urgent E Business Suite Fix

Malicious Npm Packages Used In Phishing

Fake Inflation Refund Text Scam Hits NY

Rust Malware ChaosBot Exploits Discord

Subscribe to our newsletter

    Latest Incidents

    SimonMed Imaging Reports Data Breach

    Unity SpeedTree Site Data Breach

    Multi Country Botnet Hits RDP Services

    North Korean IT Workers Evade Verification

    Harvard Probes Breach Tied To Oracle Flaw

    Qilin Ransomware Hits Beer Giant Asahi

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial