What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows SQL Injection. This issue affects AutomatorWP: from n/a through <= 5.2.4.
Explanation of Vulnerability in Simple Terms
02 Summary
AutomatorWP versions up to 5.2.4 contain a SQL injection vulnerability in a high-privilege context. An authenticated administrator can craft malicious input to execute arbitrary SQL queries, potentially reading sensitive data from the database. The vulnerability requires admin-level access and does not allow data modification. Update to version 5.7.9.2 or later.
What an attacker can do
03 Attacker Capabilities
Read sensitive data from the site's database via SQL injection.
Potential impact on your site
04 Site Impact
An admin account compromised or acting maliciously could extract database contents including user credentials and configuration data.
Conditions required to exploit
05 Prerequisites
Attacker must have administrator-level access to the site.
Key dates
06 Disclosure timeline
December 23, 2025: CVE published
April 28, 2026: Record updated