Description
WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently enumerate automations, disclose title of private posts or user emails, call functions, or escalate their privileges via Ajax actions. WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress version 1.7.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.6 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:5916EA42-EB33-463D-8528-2A142805C91F
https://plugins.svn.wordpress.org/automatorwp/trunk/changelog.txt