Summary
| Detail | |||
|---|---|---|---|
| Vendor | Uncannyowl | First view | 2024-01-05 |
| Product | Uncanny Automator | Last view | 2025-03-12 |
| Version | * | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | wordpress | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:uncannyowl:uncanny_automator | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.8 | 2025-03-12 | CVE-2024-13838 | The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. |
| 6.1 | 2024-07-22 | CVE-2024-37117 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Automator Pro allows Reflected XSS.This issue affects Uncanny Automator Pro: from n/a through 5.3. |
| 8.8 | 2024-06-21 | CVE-2024-37118 | Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3. |
| 5.3 | 2024-01-05 | CVE-2023-52151 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin.This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
