50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin

Wordfence's Bug Bounty Program rewards researchers for reporting vulnerabilities in WordPress plugins, with payouts up to $31,200. A recent submission revealed an Arbitrary File Upload vulnerability in Uncanny Automator, affecting over 50,000 sites. The vulnerability allows authenticated attackers to escalate user roles to administrators. The researcher who reported it earned $1,065. After full disclosure on March 11, the Uncanny Owl team promptly released patches. Users are urged to update to version 6.4.0 to mitigate risk, as the vulnerability poses a serious threat to site security.

https://www.wordfence.com/blog/2025/04/50000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-uncanny-automator-wordpress-plugin/
