PatchSiren

uncannyowl CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH uncannyowl CVE published 2026-07-16

CVE-2026-15008

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress has a vulnerability that allows unauthenticated attackers to delete arbitrary files on the server. This is due to insufficient file path validation in the fr_token function in all versions up to, and including, 7.3.1.4. The vulnerability can lead to remote code execution when a specific file, such as wp- [truncated]