PatchSiren cyber security CVE debrief
CVE-2026-40785 Ruben Garcia CVE debrief
CVE-2026-40785 is a HIGH-severity vulnerability in AutomatorWP, a WordPress plugin. The vulnerability, rated 7.1 on the CVSS scale, involves Subscriber Broken Authentication and affects versions up to 5.6.7. It was published on June 15, 2026, and last modified on the same day.
- Vendor: Ruben Garcia
- Product: AutomatorWP
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of AutomatorWP plugin versions up to 5.6.7 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H and is categorized under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). Broken authentication for subscribers allows potential unauthorized actions.
Defensive priority
HIGH
Recommended defensive actions
- Update AutomatorWP to a version that fixes this vulnerability.
- Review subscriber authentication settings and logs for any suspicious activity.
- Consider implementing additional security measures for subscriber accounts.
Evidence notes
Evidence suggests that this vulnerability was identified and reported through Patchstack.
Official resources
- CVE-2026-40785 CVE record (CVE.org)
- CVE-2026-40785 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference