CVE-2026-12375
Uncanny Owl · Uncanny Automator Pro
The Uncanny Automator Pro WordPress plugin was distributed with a backdoor, allowing unauthenticated attackers to gain administrative access and exfiltrate site credentials.
Executive summary
A supply chain compromise of the Uncanny Automator Pro plugin has introduced a backdoor that grants unauthenticated attackers full administrative control over affected WordPress sites.
Vulnerability
The plugin was distributed with malicious, hidden functionality (CWE-912) following a compromise of the vendor's distribution infrastructure. This backdoor allows unauthenticated attackers to hijack administrator sessions and beacon sensitive security keys to external servers.
Business impact
This vulnerability is catastrophic, as it facilitates complete takeover of the WordPress instance. With a CVSS score of 9.8, the impact includes full loss of site confidentiality, integrity, and availability, potentially leading to widespread data breaches and the deployment of persistent malware.
Remediation
Immediate Action: Update the Uncanny Automator Pro plugin to version 7.3.0.6 or later immediately.
Proactive Monitoring: Audit administrator accounts for unauthorized additions and monitor outgoing network traffic for suspicious connections to unknown external IP addresses.
Compensating Controls: If an immediate update is not feasible, disable the plugin entirely until the site can be audited for signs of compromise and updated.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Organizations using Uncanny Automator Pro must treat this as a high-priority incident. Beyond applying the patch, administrators should perform a comprehensive security audit of their WordPress environment to ensure that no backdoors or unauthorized administrative accounts were created while the vulnerable version was active.