Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Uncanny Automator Bug Risks WordPress Sites

May 14, 2025
Reading Time: 2 mins read
in Alerts
Microsoft Defender Bug Allows SYSTEM Access

A serious authenticated PHP Object Injection vulnerability was identified. It directly impacted the Uncanny Automator WordPress plugin. This widely used plugin has over 50,000 active installations. Wordfence received the initial submission about this flaw on April 26th, 2024. An existing POP chain within the plugin aided potential exploits. The flaw allows attackers to delete arbitrary server files. This includes the absolutely vital wp-config.php configuration file. Such deletion can lead to complete site takeover by attackers. Remote code execution also becomes a severe, tangible risk. Authenticated attackers, even with subscriber-level access, could exploit this.

The security flaw was discovered by a researcher known as mikemyers. He responsibly reported it via Wordfence’s established Bug Bounty Program. This program actively encourages and rewards such important security discoveries. For his diligence and find, mikemyers earned a bounty of $1,021.00. Wordfence’s core mission is to secure WordPress sites thoroughly. They achieve this through a strategic defense-in-depth security approach. Investing in quality vulnerability research is fundamental to this mission. Collaborating with skilled researchers is also a critical element. Wordfence aims to make the entire WordPress ecosystem demonstrably more secure.

Wordfence first validated the submitted vulnerability report.

They also confirmed the proof-of-concept exploit. They then initiated contact with the Uncanny Owl team. This communication occurred on April 15, 2025. They asked the vendor to confirm a secure inbox for discussion. The vendor confirmed their inbox for handling the discussion that same day. Wordfence promptly sent over the full disclosure details. The Uncanny Owl team acknowledged the serious report. They began working on a fix almost immediately. The fully patched plugin, version 6.4.0.2, was then released.

This crucial update occurred on April 18, 2025. Their swift action was highly commendable. Users must update their sites urgently.

Wordfence Premium, Care, and Response users received a firewall rule. This key protection was deployed to their sites on April 22, 2025. Sites using the free Wordfence version will get this protection later. Their identical firewall protection activates on May 22, 2025. The vulnerability, CVE-2025-3623, holds a high CVSS score of 8.1. It specifically affected plugin versions up to and including 6.4.0.1. The core issue was found in the automator_api_decode_message() function. This function decodes, decrypts, and then unserializes input messages. Attackers could unfortunately control the decryption secret code. This allowed the injection of malicious PHP objects. A POP chain then facilitated the arbitrary file deletion. Deleting wp-config.php forces the site into a setup state. Attackers could then redirect it to their own database.

Reference:

  • PHP Object Injection Vulnerability In Uncanny Automator Risks 50000 WordPress Sites
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMay 2025
ADVERTISEMENT

Related Posts

New Godfather Trojan Hijacks Banking Apps

Winos 4.0 Malware Hits Taiwan Via Tax Phish

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Godfather Trojan Hijacks Banking Apps

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Amatera Stealer Delivered By ClearFake

June 20, 2025
Fake Invoices Deliver Sorillus RAT In Europe

Fake Minecraft Mods On GitHub Spread Malware

June 19, 2025
Russian Phishing Scam Bypasses Google 2FA

Russian Phishing Scam Bypasses Google 2FA

June 19, 2025
Fake Invoices Deliver Sorillus RAT In Europe

Fake Invoices Deliver Sorillus RAT In Europe

June 19, 2025

Latest Alerts

Winos 4.0 Malware Hits Taiwan Via Tax Phish

New Amatera Stealer Delivered By ClearFake

New Godfather Trojan Hijacks Banking Apps

Fake Minecraft Mods On GitHub Spread Malware

Fake Invoices Deliver Sorillus RAT In Europe

Russian Phishing Scam Bypasses Google 2FA

Subscribe to our newsletter

    Latest Incidents

    Massive Leak Exposes 16 Billion Credentials

    Tonga Health System Down After Ransomware

    Chinese Spies Target Satellite Giant Viasat

    German Dealer Leymann Hacked Closes Stores

    Hacker Mints $27M From Meta Pool Gets 132K

    UBS and Pictet Hit By Vendor Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial