Description
The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator session on affected sites and beacons the site's secret keys and administrator details to attacker-controlled servers.
Problem types
Product status
7.3.0.5 (semver) before 7.3.0.6
Credits
Mike Gozdiskowski
WPScan
References
wpscan.com/...rability/ddc83705-3df6-427c-957b-935135330f73/