CVE-2026-56057
Deferred - Pending Action
Subscriber PHP Object Injection in Uncanny Automator Pro

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uncanny_automator pro to 7.3.0.6 (inc)
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Compliance Impact

The vulnerability in the Uncanny Automator Pro plugin exposes affected sites to critical risks such as code injection, SQL injection, path traversal, and denial of service attacks. These risks can lead to unauthorized access, data breaches, and disruption of services.

Such security incidents can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data, ensuring confidentiality, integrity, and availability of systems.

Failure to address this vulnerability could result in violations of these regulations due to potential data exposure or service interruptions.

Executive Summary

The WordPress Uncanny Automator Pro plugin, in versions up to and including 7.3.0.6, is affected by a high-priority PHP Object Injection vulnerability (CVE-2026-56057).

This flaw allows attackers to inject PHP objects into the application. If a suitable Property-Oriented Programming (POP) chain exists, this can lead to code execution, SQL injection, path traversal, denial of service, and other harmful actions.

It is classified under OWASP Top 10 A3: Injection, indicating it is a critical injection vulnerability.

Impact Analysis

This vulnerability poses a critical risk with a CVSS score of 9.8, meaning it can severely impact affected systems.

  • Attackers could execute arbitrary code on your server.
  • It may allow SQL injection attacks, compromising your database.
  • Path traversal could expose sensitive files.
  • Denial of service attacks could disrupt your website availability.

Because of its severity and ease of exploitation, this vulnerability could be used in mass campaigns targeting many websites, regardless of their size or popularity.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Uncanny Automator Pro plugin to version 7.3.0.7 or later.

Until the update is applied, it is recommended to use the mitigation rule provided by Patchstack to block attacks exploiting this vulnerability.

Users should also consider seeking assistance from their hosting providers or developers to ensure the risk is mitigated promptly.
