PatchSiren cyber security CVE debrief
CVE-2026-42650 Ruben Garcia CVE debrief
CVE-2026-42650 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in the AutomatorWP plugin, versions up to 5.6.7. The vulnerability has a CVSS score of 7.2 and was published on 2026-06-15 ([CVE record](https://www.cve.org/CVERecord?id=CVE-2026-42650)).
- Vendor: Ruben Garcia
- Product: AutomatorWP
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of AutomatorWP plugin versions up to 5.6.7 should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by a lack of proper input validation and sanitization in the AutomatorWP plugin, allowing an unauthenticated attacker to inject malicious scripts.
Defensive priority
HIGH
Recommended defensive actions
- Apply available patches or updates to AutomatorWP installations running versions up to 5.6.7.
- Refer to the [Patchstack advisory](https://patchstack.com/database/wordpress/plugin/automatorwp/vulnerability/wordpress-automatorwp-plugin-5-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve) for mitigation or vendor reference.
Evidence notes
The [CVE record](https://www.cve.org/CVERecord?id=CVE-2026-42650) and [NVD detail](https://nvd.nist.gov/vuln/detail/CVE-2026-42650) provide additional information on this vulnerability.
Official resources
- CVE-2026-42650 CVE record (CVE.org)
- CVE-2026-42650 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-42650 was published on 2026-06-15T21:16:54.863Z and modified on 2026-06-15T21:24:32.790Z.