What the vulnerability does
01Description
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
What the vulnerability does
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Explanation of Vulnerability in Simple Terms
AutomatorWP versions up to 5.6.7 contain an authentication bypass or privilege escalation flaw that allows authenticated users to modify site data or disrupt service availability. The vulnerability requires a valid user account but no special privileges. Site administrators should update to version 5.7.9.2 or later to remediate the issue.
What an attacker can do
Modify site data or cause the site to become unavailable or unstable.
Potential impact on your site
Authenticated users can alter automation rules, workflows, or trigger denial-of-service conditions affecting site stability.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges on the site.
Key dates
External resources
Related vulnerabilities