Security Advisory

CVE-2025-3623

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-14 02:23:17

Last updated 2026-04-08 16:32:23

Assigner Wordfence

State PUBLISHED

Description

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticated to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.

← Browse all CVEs View on cve.org ↗