PatchSiren cyber security CVE debrief
CVE-2026-12375 Uncanny Automator CVE debrief
The Uncanny Automator Pro WordPress plugin before version 7.3.0.6 was distributed with malicious code due to a compromise of the vendor's update and distribution infrastructure. The injected backdoor allows unauthenticated attackers to gain an administrator session on affected sites and sends the site's secret keys and administrator details to attacker-controlled servers.
- Vendor
- Uncanny Automator
- Product
- Uncanny Automator Pro
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Administrators and users of the Uncanny Automator Pro WordPress plugin, especially those who have not updated to version 7.3.0.6 or later, should be aware of this vulnerability and take immediate action to protect their sites.
Technical summary
The Uncanny Automator Pro WordPress plugin was compromised during the update and distribution process, leading to the inclusion of malicious code in versions before 7.3.0.6. This backdoor enables unauthenticated attackers to gain administrator-level access to affected WordPress sites. Additionally, the malicious code exfiltrates sensitive information, including the site's secret keys and administrator details, to attacker-controlled servers.
Defensive priority
High
Recommended defensive actions
- Immediately update the Uncanny Automator Pro plugin to version 7.3.0.6 or later.
- Review and monitor site administrator accounts for any suspicious activity.
- Change all WordPress administrator passwords and consider implementing two-factor authentication.
- Verify the integrity of site secret keys and consider rotating them if compromised.
- Enhance monitoring for potential beaconing activity to attacker-controlled servers.
Evidence notes
The CVE record was published on 2026-07-07T06:16:22.003Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific attack vectors and impacted versions beyond the initial report.
Official resources
-
CVE-2026-12375 CVE record
CVE.org
-
CVE-2026-12375 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T06:16:22.003Z and has not been modified since then. The NVD entry is currently in the 'Received' status.