{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9542", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-27T13:37:06.045Z", "datePublished": "2025-09-09T06:40:35.408Z", "dateUpdated": "2026-04-08T16:57:11.328Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:11.328Z"}, "affected": [{"vendor": "rubengc", "product": "AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.3.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify integration settings or view existing automations."}], "title": "AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62ed278c-f914-4edd-aba1-4aaa099a869f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3355175/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2025-08-18T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-09-08T17:53:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-09T19:26:14.366937Z", "id": "CVE-2025-9542", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-09T19:26:21.058Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9542", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-09T19:26:14.366937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-09T19:26:18.200Z"}}], "cna": {"title": "AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "rubengc", "product": "AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "5.3.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-18T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-09-08T17:53:24.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62ed278c-f914-4edd-aba1-4aaa099a869f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3355175/"}], "descriptions": [{"lang": "en", "value": "The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify integration settings or view existing automations."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-09T06:40:35.408Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9542", "state": "PUBLISHED", "dateUpdated": "2025-09-09T19:26:21.058Z", "dateReserved": "2025-08-27T13:37:06.045Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-09T06:40:35.408Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify integration settings or view existing automations."}], "id": "CVE-2025-9542", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-09T07:15:33.627", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3355175/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62ed278c-f914-4edd-aba1-4aaa099a869f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:10:39.578886+00:00", "value": {"mitigation_remediation": ["Update the AutomatorWP plugin to a version newer than 5.3.7 to apply the official fix", "If an update is not immediately possible, deactivate or uninstall the plugin to remove the attack surface", "Limit WordPress user roles to prevent Subscriber+ users from accessing administrative features that interact with AutomatorWP", "Monitor WordPress logs for anomalous changes to automation settings or unauthorized view attempts"], "summary": {"action": "Apply patch", "impact": "Unauthorized modification and viewing of automations via missing authorization check"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress sites running AutomatorWP versions up through 5.3.7 inclusive. The plugin is distributed under the rubengc:AutomatorWP CNA and is expected to be installed via the WordPress plugin directory. Version information is limited to a maximum of 5.3.7, with no specific lower bound indicated.", "description_and_impact": "The AutomatorWP plugin contains a missing capability check in several functions that allows any authenticated WordPress user with Subscriber level or higher to change integration settings and view existing automations. This flaw is a classic example of an authority problem (CWE-862) that enables privilege escalation within the WordPress environment. The impact is that attackers can alter or tamper with automation workflows, potentially leading to data leakage or disruption of automated processes.", "risk_and_exploitability": "The CVSS base score of 5.4 places this vulnerability in the medium severity range, reflecting that exploitation requires authenticated access but does not grant full system compromise. The EPSS score of less than 1% indicates a low observed probability of exploitation at this time. Because the flaw is not listed in the CISA KEV catalog, there are no known large\u2011scale exploit campaigns recorded. The likely attack vector is a legitimate login that the attacker uses to obtain Subscriber level rights, after which the missing capability check is leveraged to manipulate plugin data."}}}}, "created": "2025-09-09T21:31:39.799686+00:00", "updated": "2026-04-21T03:15:16.335842+00:00", "vendors": ["automatorwp", "automatorwp$PRODUCT$automatorwp", "wordpress", "wordpress$PRODUCT$wordpress"]}