Description
WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently enumerate automations, disclose title of private posts or user emails, call functions, or escalate their privileges via Ajax actions. WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress version 1.7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.6 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:5916EA42-EB33-463D-8528-2A142805C91F
https://plugins.svn.wordpress.org/automatorwp/trunk/changelog.txt
Related Vulnerabilities
PHP Numeric Errors Vulnerability (CVE-2007-2872)
Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)
WordPress Plugin WP Human Resource Management Security Bypass (2.2.14)
WordPress Plugin Fancy Cats Multiple Cross-Site Scripting Vulnerabilities (1.1)
Tornado Improper Input Validation Vulnerability (CVE-2012-2374)