Description
WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently enumerate automations, disclose title of private posts or user emails, call functions, or escalate their privileges via Ajax actions. WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress version 1.7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.6 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:5916EA42-EB33-463D-8528-2A142805C91F
https://plugins.svn.wordpress.org/automatorwp/trunk/changelog.txt
Related Vulnerabilities
Moodle Improper Input Validation Vulnerability (CVE-2021-3943)
WordPress Plugin WPtouch 'wptouch_redirect' Parameter URI Redirection (1.9.32)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20401)
Mailman Other Vulnerability (CVE-2004-0182)
WordPress Plugin GA Top post for WP by Asentechllc Security Bypass (1.0)