Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Over 50000 WordPress Sites Exposed by Flaw

April 7, 2025
Reading Time: 2 mins read
in Alerts
Dell Releases Update for Critical DD OS Flaw

A critical privilege escalation vulnerability was recently discovered in the Uncanny Automator plugin used by over 50,000 WordPress websites. Identified by security researcher mikemyers, the vulnerability allows authenticated attackers to escalate privileges from subscriber-level access to administrator rights. This flaw is found in Uncanny Automator versions up to and including 6.3.0.2, where improper capability checks in the plugin’s REST API endpoint fail to validate user roles. As a result, attackers can gain full administrative control over affected sites, putting them at risk of malicious file uploads, user redirects, or content injection.

The vulnerability, assigned a high CVSS score of 8.8 by Wordfence, was validated by the company’s team after mikemyers responsibly disclosed it.

The researcher was awarded a bounty of $1,065 for identifying and reporting the issue. The flaw’s impact is significant, as an attacker with administrator privileges could cause major disruptions to website operations. Attackers could manipulate user roles and inject malicious content, leading to potential security breaches that compromise website integrity and user trust.

In response, the Uncanny Owl team released a patch on March 17, 2025, followed by a fully compliant update to version 6.4.0 on April 1, 2025.

Wordfence also took immediate action by implementing a firewall rule for premium users on March 7, 2025, to block potential exploits. Users of the free version received the protection rule on April 6, 2025, after the standard 30-day delay. The quick response underscores the importance of timely software updates and the role of the cybersecurity community in mitigating emerging threats.

This incident highlights the ongoing importance of vigilance in securing WordPress websites, particularly in widely-used plugins. The security community’s commitment to responsible vulnerability disclosure and fast patching is vital for maintaining the platform’s ecosystem security. Website owners are strongly advised to upgrade to the latest patched version to protect against this critical attack. The incident serves as a reminder of the need for continuous defense in depth against evolving cyber threats.

Reference:
  • Dell Issues Critical Security Update for PowerProtect Data Domain OS Vulnerability
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial