Description
WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress version 2.5.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.5.1 or latest
References
Related Vulnerabilities
WordPress Plugin yolink Search for WordPress 'bulkcrawl.php' SQL Injection (1.1.4)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)
WordPress Plugin UpdraftPlus WordPress Backup Multiple Vulnerabilities (1.16.58)
WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4893)