CVE-2025-3623
Published
CVSS v3: 9.1 CRITICAL
CVSS v2: N/A
Affected: 1 project
Description
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.
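The defensive pattern for this class of bug, as an added PHP example that is not Uncanny Automator's code: `TempFileHolder`, `contains_object()`, `decode_message_safely()` and both payloads are constructed for illustration, and the destructor only records a path instead of deleting anything. It assumes PHP 7.2 or later.

```php
<?php
// Constructed stand-in for a class with a destructor side effect, the kind of
// class a POP chain depends on. It records the path instead of calling unlink().
// Nothing in this file is taken from the Uncanny Automator code base.
final class TempFileHolder
{
    public $path = '';
    public static $cleaned = [];
    public function __destruct()
    {
        self::$cleaned[] = $this->path;
    }
}

// True if the decoded value is, or contains, any object.
function contains_object($value): bool
{
    if (is_object($value)) {
        return true;
    }
    foreach ((is_array($value) ? $value : []) as $item) {
        if (contains_object($item)) {
            return true;
        }
    }
    return false;
}

// Hypothetical hardened decoder: scalars and arrays only.
function decode_message_safely(string $raw)
{
    // allowed_classes => false makes PHP build __PHP_Incomplete_Class instead of
    // the named class, so no application __wakeup()/__destruct() code can run.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized data');
    }
    if (contains_object($value)) {
        throw new InvalidArgumentException('serialized objects are rejected');
    }
    return $value;
}

// Constructed inputs: one harmless array, one serialized object.
$array_payload  = serialize(['event' => 'ping', 'id' => 7]);
$object_payload = 'O:14:"TempFileHolder":1:{s:4:"path";s:13:"/tmp/demo.txt";}';

// Plain unserialize() instantiates the class; its destructor fires on cleanup.
$obj = unserialize($object_payload);
unset($obj);
echo 'plain unserialize ran destructors: ', count(TempFileHolder::$cleaned), PHP_EOL;
TempFileHolder::$cleaned = [];
echo json_encode(decode_message_safely($array_payload)), PHP_EOL;
try {
    decode_message_safely($object_payload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo 'hardened decoder ran destructors: ', count(TempFileHolder::$cleaned), PHP_EOL;
```

Where the message format is under the developer's control, `json_decode()` avoids the problem entirely because it never instantiates application classes.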
<p>Uncanny Automator is the easiest and most powerful way to automate your WordPress site with no code. Build automations in minutes that connect your WordPress plugins, sites and apps together using billions of recipe combinations.</p>
<p>Here’s how Uncanny Automator works:</p>
<p>When something happens, Automator can make other things happen.</p>
<p>When a user buys a product, add them to a membership level, enroll them in a course and pass their information to Google Sheets.</p>
<p>It’s that simple!</p>
<p>If you’ve used Zapier, setting things up will be intuitive. And if not, that’s okay too!</p>
<h4>E-commerce Automation</h4>
<p>Improve customer engagement by having your purchases trigger marketing automation campaigns, award store credit, promote 5-star reviews, schedule time-limited bonus offers and offer profile-driven discounts. Or for advanced reporting and customer service, create WooCommerce automations that send purchase details to Google Sheets, Slack and ActiveCampaign with our native integrations. It all happens automatically!</p>
<h4>Google Sheets Automation</h4>
<p>Build powerful reports and dashboards based on almost any WordPress activity or data with 1-click Google Sheets integration. Track purchases, course completions, blog post updates, forum posts and more. Not only can you create new rows for reports with Uncanny Automator, but you can update existing records, making it perfect for dashboard reporting.</p>
<h4>Webhook Automation</h4>
<p>Looking for the most powerful and comprehensive webhook support to connect your WordPress site to other apps? Uncanny Automator has support for security headers, any request method and any data format (including nesting support, JSON, XML, arrays and more). Use our 1-click sample generation and debug records to simplify connecting to other sites and systems, and send unlimited outgoing webhooks with the free version.</p>
<h4>LearnDash and E-Learning Automation</h4>
<p>Personalize student experiences and deliver better learning outcomes with no-code automations. Notify an instructor when users fail a quiz and enroll them in a remedial course–automatically. Add users to groups based on performance to allow easy collaboration. Automate student outreach when users fall behind in their coursework and offer easy learning interventions.</p>
<h4>Social Media Automation</h4>
<p>Spend less time sharing your posts and announcements on social media with automatic posting. Automatically post anything you want to Facebook Pages, Facebook Groups, X/Twitter, LinkedIn and Instagram, including with images and links. Sign up for a free account to get 250 credits for social posting; Pro plugin users get unlimited posting.</p>
<h4>OpenAI Automation</h4>
<p>Connect your new posts and site activity to OpenAI, with full support for ChatGPT and Dall-E models. Use Automator and OpenAI to generate article summaries, social media posts, SEO descriptions, translations, email campaigns, featured images and more.</p>
<h4>Marketing Automation</h4>
<p>Integrate your favourite CRM with your WordPress plugins for full marketing automation. Add or remove tags based on course activity, purchases and more, and keep your email lists updated automatically. Or, with Automator Pro and Loops, send emails out in bulk and use Automator as your own CRM.</p>
<h4>Free doesn’t mean limited</h4>
<p>The free version of Automator is incredibly powerful and comes with built-in automation and integration support for all of these popular apps and WordPress plugins:</p>
<h4>Supported apps</h4>
<ul>
<li><a href="https://automatorplugin.com/integration/activecampaign/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">ActiveCampaign</a></li>
<li><a href="https://automatorplugin.com/integration/anthropic/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Anthropic</a></li>
<li><a href="https://automatorplugin.com/integration/asana/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Asana</a></li>
<li><a href="https://automatorplugin.com/integration/aweber/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">AWeber</a></li>
<li><a href="https://automatorplugin.com/integration/bitly/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Bitly</a></li>
<li><a href="https://automatorplugin.com/integration/bluesky/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Bluesky</a></li>
<li><a href="https://automatorplugin.com/integration/brevo/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Brevo</a></li>
<li><a href="https://automatorplugin.com/integration/campaign-monitor/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Campaign Monitor</a></li>
<li><a href="https://automatorplugin.com/integration/clickup/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">ClickUp</a></li>
<li><a href="https://automatorplugin.com/integration/cohere/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Cohere</a></li>
<li><a href="https://automatorplugin.com/integration/constant-contact/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Constant Contact</a></li>
<li><a href="https://automatorplugin.com/integration/deepseek/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">DeepSeek</a> (Deprecated)</li>
<li><a href="https://automatorplugin.com/integration/discord/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Discord</a></li>
<li><a href="https://automatorplugin.com/integration/drip/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Drip</a></li>
<li><a href="https://automatorplugin.com/integration/facebook-groups/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Facebook Groups</a></li>
<li><a href="https://automatorplugin.com/integration/facebook-lead-ads/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Facebook Lead Ads</a></li>
<li><a href="https://automatorplugin.com/integration/facebook/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Facebook Pages</a></li>
<li><a href="https://automatorplugin.com/integration/getresponse/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">GetResponse</a></li>
<li><a href="https://automatorplugin.com/integration/github/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">GitHub</a></li>
<li><a href="https://automatorplugin.com/integration/google-calendar/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Google Calendar</a></li>
<li><a href="https://automatorplugin.com/integration/google-contacts/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Google Contacts</a></li>
<li><a href="https://automatorplugin.com/integration/gemini/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Google Gemini</a></li>
<li><a href="https://automatorplugin.com/integration/google-sheets/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Google Sheets</a></li>
<li><a href="https://automatorplugin.com/integration/sheets-web-app/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Google Sheets Web App</a> (Pro)</li>
<li><a href="https://automatorplugin.com/integration/gototraining/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">GoTo Training</a></li>
<li><a href="https://automatorplugin.com/integration/gotowebinar/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">GoTo Webinar</a></li>
<li><a href="https://automatorplugin.com/integration/help-scout/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Help Scout</a></li>
<li><a href="https://automatorplugin.com/integration/hubspot/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">HubSpot</a></li>
<li><a href="https://automatorplugin.com/integration/instagram/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Instagram</a></li>
<li><a href="https://automatorplugin.com/integration/keap/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Keap</a></li>
<li><a href="https://automatorplugin.com/integration/convertkit/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Kit</a></li>
<li><a href="https://automatorplugin.com/integration/linkedin-pages/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">LinkedIn Pages</a></li>
<li><a href="https://automatorplugin.com/integration/mailchimp/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Mailchimp</a></li>
<li><a href="https://automatorplugin.com/integration/mailerlite/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">MailerLite</a> (Pro)</li>
<li><a href="https://automatorplugin.com/integration/mautic/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Mautic</a></li>
<li><a href="https://automatorplugin.com/integration/mistral/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Mistral AI</a></li>
<li><a href="https://automatorplugin.com/integration/microsoft-teams/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Microsoft Teams</a></li>
<li><a href="https://automatorplugin.com/integration/notion/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Notion</a></li>
<li><a href="https://automatorplugin.com/integration/ontraport/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Ontraport</a></li>
<li><a href="https://automatorplugin.com/integration/openai/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">OpenAI and GPT</a></li>
<li><a href="https://automatorplugin.com/integration/perplexity/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Perplexity</a></li>
<li><a href="https://automatorplugin.com/integration/quickbooks-online/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">QuickBooks Online</a> (Elite)</li>
<li><a href="https://automatorplugin.com/integration/salesforce/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Salesforce</a> (Elite)</li>
<li><a href="https://automatorplugin.com/integration/sendy/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Sendy</a></li>
<li><a href="https://automatorplugin.com/integration/slack/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Slack</a></li>
<li><a href="https://automatorplugin.com/integration/stripe/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Stripe</a></li>
<li><a href="https://automatorplugin.com/integration/telegram/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Telegram</a></li>
<li><a href="https://automatorplugin.com/integration/threads/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Threads</a></li>
<li><a href="https://automatorplugin.com/integration/trello/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Trello</a></li>
<li><a href="https://automatorplugin.com/integration/twilio/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Twilio</a></li>
<li><a href="https://automatorplugin.com/integration/twitter/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">X/Twitter</a></li>
<li><a href="https://automatorplugin.com/integration/whatsapp/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">WhatsApp</a></li>
<li><a href="https://automatorplugin.com/integration/xai/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">xAI</a></li>
<li><a href="https://automatorplugin.com/integration/zoho-campaigns/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Zoho Campaigns</a></li>
<li><a href="https://automatorplugin.com/integration/zoom-meetings/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Zoom Meetings</a></li>
<li><a href="https://automatorplugin.com/integration/zoom-webinars/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Zoom Webinars</a></li>
</ul>
<h4>WordPress Plugins Integrations</h4>
<ul>
<li><a href="https://automatorplugin.com/integration/advanced-ads/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Advanced Ads</a></li>
<li><a href="https://automatorplugin.com/integration/advanced-coupons/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Advanced Coupons</a></li>
<li><a href="https://automatorplugin.com/integration/advanced-custom-fields/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Advanced Custom Fields</a> (Pro)</li>
<li><a href="https://automatorplugin.com/integration/affiliatewp/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">AffiliateWP</a></li>
<li><a href="https://automatorplugin.com/integration/airtable/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Airtable</a></li>
<li><a href="https://automatorplugin.com/integration/all-in-one-seo/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">All in One SEO</a></li>
<li><a href="https://automatorplugin.com/integration/amelia/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Amelia</a></li>
<li><a href="https://automatorplugin.com/integration/armember/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">ARMember</a></li>
<li><a href="https://automatorplugin.com/integration/automator-core/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Automator Core</a></li>
<li><a href="https://automatorplugin.com/integration/autonami/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">FunnelKit Automations</a></li>
<li><a href="https://automatorplugin.com/integration/badgeos/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">BadgeOS</a></li>
<li><a href="https://automatorplugin.com/integration/bbpress/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">bbPress</a></li>
<li><a href="https://automatorplugin.com/integration/bricks-builder/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Bricks Builder</a></li>
<li><a href="https://automatorplugin.com/integration/buddyboss/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">BuddyBoss</a></li>
<li><a href="https://automatorplugin.com/integration/buddypress/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">BuddyPress</a></li>
<li><a href="https://automatorplugin.com/integration/caldera-forms/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Caldera Forms</a></li>
<li><a href="https://automatorplugin.com/integration/csv/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">CSV</a> (Pro)</li>
<li><a href="https://automatorplugin.com/integration/custom-user-fields-addon/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Custom User Fields</a> (Plus Addon)</li>
<li><a href="https://automatorplugin.com/integration/charitable/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Charitable</a></li>
<li><a href="https://automatorplugin.com/integration/cloudflare/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Cloudflare</a></li>
<li><a href="https://automatorplugin.com/integration/code-snippets/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Code Snippets</a></li>
<li><a href="https://automatorplugin.com/integration/contact-form-7/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Contact Form 7</a></li>
<li><a href="https://automatorplugin.com/integration/custom-action/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Custom Action</a> (Pro)</li>
<li><a href="https://automatorplugin.com/integration/date-and-time/?utm_source=wp_repo_automator&utm_medium=readme&utm_content=free_integrations_list" rel="nofollow ugc">Date and Time</a> (Pro)</li>
<li><a href="https://automatorplugin.com/integration/database-query/?utm_source=wp_repo_au