PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12375 Uncanny Automator CVE debrief

The Uncanny Automator Pro WordPress plugin before version 7.3.0.6 was distributed with malicious code due to a compromise of the vendor's update and distribution infrastructure. The injected backdoor allows unauthenticated attackers to gain an administrator session on affected sites and sends the site's secret keys and administrator details to attacker-controlled servers.

Vendor
Uncanny Automator
Product
Uncanny Automator Pro
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Administrators and users of the Uncanny Automator Pro WordPress plugin, especially those who have not updated to version 7.3.0.6 or later, should be aware of this vulnerability and take immediate action to protect their sites.

Technical summary

The Uncanny Automator Pro WordPress plugin was compromised during the update and distribution process, leading to the inclusion of malicious code in versions before 7.3.0.6. This backdoor enables unauthenticated attackers to gain administrator-level access to affected WordPress sites. Additionally, the malicious code exfiltrates sensitive information, including the site's secret keys and administrator details, to attacker-controlled servers.

Defensive priority

High

Recommended defensive actions

  • Immediately update the Uncanny Automator Pro plugin to version 7.3.0.6 or later.
  • Review and monitor site administrator accounts for any suspicious activity.
  • Change all WordPress administrator passwords and consider implementing two-factor authentication.
  • Verify the integrity of site secret keys and consider rotating them if compromised.
  • Enhance monitoring for potential beaconing activity to attacker-controlled servers.

Evidence notes

The CVE record was published on 2026-07-07T06:16:22.003Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific attack vectors and impacted versions beyond the initial report.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T06:16:22.003Z and has not been modified since then. The NVD entry is currently in the 'Received' status.