CVE-2025-58193
BaseFortify
Publication date: 2025-08-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uncanny_owl | uncanny_automator | 6.8.0 |
| uncanny_owl | uncanny_automator | 6.7.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the WordPress Uncanny Automator Plugin (up to version 6.7.0.1). It occurs because certain plugin functions lack proper authorization, authentication, or nonce token checks. This flaw allows users with low-level privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. It is classified as a Broken Access Control vulnerability under the OWASP Top 10 category A1. [1]
How can this vulnerability impact me? :
The vulnerability could allow unprivileged users to execute actions reserved for higher-privileged users, potentially leading to unauthorized changes or misuse of the plugin's functionality. Although it has a low severity score (4.3) and is considered unlikely to be exploited, if exploited, it could compromise the integrity of your WordPress site by enabling privilege escalation within the plugin's context. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking the version of the Uncanny Automator WordPress plugin installed on your system. Versions up to and including 6.7.0.1 are affected. You can detect the plugin version via WordPress admin dashboard or by inspecting the plugin files. There are no specific network or system commands provided for detecting exploitation attempts. Since the vulnerability involves missing authorization checks, monitoring for unauthorized actions by Subscriber-level users may help. However, plugin-based malware scanners may be unreliable due to tampering. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Uncanny Automator plugin to version 6.8.0 or later, where the vulnerability is fixed. Alternatively, Patchstack offers virtual patching (vPatching) that can automatically mitigate the vulnerability before official patches are applied. Users should keep their plugins updated and consider professional incident response services if compromise is suspected. [1]