Home

Description

The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator session on affected sites and beacons the site's secret keys and administrator details to attacker-controlled servers.

PUBLISHED Reserved 2026-06-16 | Published 2026-07-07 | Updated 2026-07-07 | Assigner WPScan

Problem types

CWE-912 Hidden Functionality

Product status

Default status
unaffected

7.3.0.5 (semver) before 7.3.0.6
affected

Credits

Mike Gozdiskowski finder

WPScan coordinator

References

wpscan.com/...rability/ddc83705-3df6-427c-957b-935135330f73/ exploit vdb-entry technical-description

cve.org (CVE-2026-12375)

nvd.nist.gov (CVE-2026-12375)

Download JSON