Review
Uncanny Automator
CVE published 2026-07-07
CVE-2026-12375
The Uncanny Automator Pro WordPress plugin before version 7.3.0.6 was distributed with malicious code due to a compromise of the vendor's update and distribution infrastructure. The injected backdoor allows unauthenticated attackers to gain an administrator session on affected sites and sends the site's secret keys and administrator details to attacker-controlled servers.