Description
WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently enumerate automations, disclose title of private posts or user emails, call functions, or escalate their privileges via Ajax actions. WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress version 1.7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.6 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:5916EA42-EB33-463D-8528-2A142805C91F
https://plugins.svn.wordpress.org/automatorwp/trunk/changelog.txt
Related Vulnerabilities
IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-4153)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15731)
WordPress Plugin Visitor Traffic Real Time Statistics Cross-Site Request Forgery (2.12)
Magento Cryptographic Issues Vulnerability (CVE-2019-7860)
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)