HIGH
uncannyowl
CVE published 2026-07-16
CVE-2026-15008
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress has a vulnerability that allows unauthenticated attackers to delete arbitrary files on the server. This is due to insufficient file path validation in the fr_token function in all versions up to, and including, 7.3.1.4. The vulnerability can lead to remote code execution when a specific file, such as wp- [truncated]