Platform
wordpress
Component
automatorwp
Fixed in
5.3.7
CVE-2025-9539 is a Remote Code Execution (RCE) vulnerability affecting the AutomatorWP plugin for WordPress, a tool used for no-code automations, webhooks, and custom integrations. This vulnerability allows authenticated attackers with Subscriber-level access or higher to create arbitrary automations, potentially leading to remote code execution or privilege escalation. The vulnerability impacts versions 0.0.0 through 5.3.6 of the plugin, and a patch is expected from the vendor.
The primary impact of CVE-2025-9539 is the potential for remote code execution on a WordPress site. An attacker, possessing only Subscriber-level privileges, can exploit this flaw to create malicious automations. These automations, once activated by an administrator, could execute arbitrary code, granting the attacker complete control over the affected WordPress installation. This could lead to data breaches, website defacement, malware installation, or even complete system compromise. The ability to escalate privileges to administrator level further amplifies the risk, allowing attackers to gain persistent access and control.
CVE-2025-9539 was publicly disclosed on 2025-09-09. The vulnerability's ease of exploitation, combined with the plugin's popularity, suggests a potential for widespread exploitation. No public proof-of-concept (POC) code has been released as of this writing, but the vulnerability's nature makes it likely that a POC will emerge. The EPSS score is currently pending evaluation, but the RCE nature of the vulnerability suggests a medium to high probability of exploitation.
WordPress websites utilizing the AutomatorWP plugin, particularly those running versions 0.0.0 through 5.3.6, are at risk. Shared hosting environments where users have limited administrative control and can create WordPress plugins are especially vulnerable. Sites with weak password policies or inadequate access controls are also at increased risk.
• wordpress / composer / npm:
grep -r 'automatorwp_ajax_import_automation_from_url' /var/www/html/wp-content/plugins/automatorwp/
• wordpress / composer / npm:
wp plugin list | grep automatorwp
• wordpress / composer / npm:
wp plugin update automatorwp
Disclosure
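Added example, not part of this advisory or of the AutomatorWP project: a POSIX shell script that turns the `wp plugin list` check above into a pass/fail decision against the fixed version 5.3.7 stated on this page, so the result can be consumed by a fleet inventory job instead of eyeballed. It assumes `wp plugin list --format=csv --fields=name,status,update,version` emits exactly those four columns; when wp-cli is not on the PATH it runs over a constructed sample so the logic can be exercised offline. Version comparison is done component-wise (so 5.10 sorts after 5.9); pre-release suffixes are ignored.

```shell
#!/bin/sh
# Decide whether an installed AutomatorWP copy is in the CVE-2025-9539
# affected range (0.0.0 through 5.3.6). The fixed version comes from the
# advisory; everything else below is an added illustration.
FIXED_VERSION="5.3.7"

# version_lt A B: exit status 0 when dotted version A is strictly lower than B.
# The first four components are compared numerically; missing components
# count as 0 and a non-numeric suffix such as "-beta" is dropped.
version_lt() {
  awk -v a="$1" -v b="$2" '
    function part(v, i,    n, arr, s) {
      n = split(v, arr, ".")
      s = (i <= n) ? arr[i] : "0"
      sub(/[^0-9].*/, "", s)
      return (s == "") ? 0 : s + 0
    }
    BEGIN {
      for (i = 1; i <= 4; i++) {
        x = part(a, i); y = part(b, i)
        if (x < y) exit 0
        if (x > y) exit 1
      }
      exit 1
    }'
}

# automatorwp_status CSV: takes `wp plugin list --format=csv` output with the
# columns name,status,update,version (assumed layout) and prints one of
# "vulnerable <ver>", "patched <ver>" or "not-installed".
automatorwp_status() {
  ver=$(printf '%s\n' "$1" | awk -F, '$1 == "automatorwp" { print $4; exit }')
  if [ -z "$ver" ]; then
    echo "not-installed"
  elif version_lt "$ver" "$FIXED_VERSION"; then
    echo "vulnerable $ver"
  else
    echo "patched $ver"
  fi
}

# Constructed sample (not real site data) used when wp-cli is unavailable.
SAMPLE_CSV='name,status,update,version
akismet,active,none,5.3
automatorwp,active,available,5.3.6'

if command -v wp >/dev/null 2>&1; then
  CSV=$(wp plugin list --format=csv --fields=name,status,update,version 2>/dev/null \
        || printf '%s' "$SAMPLE_CSV")
else
  CSV="$SAMPLE_CSV"
fi
echo "AutomatorWP: $(automatorwp_status "$CSV")"
```

Run it on each WordPress host (or point it at CSV collected centrally); a "vulnerable" line means the installed version is still inside the range the advisory lists, and the `wp plugin update automatorwp` command above is the fix.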
Exploit Status
EPSS
0.14% (34th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2025-9539 is to immediately upgrade the AutomatorWP plugin to a patched version as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds. A Web Application Firewall (WAF) can be configured to block requests to the vulnerable `automatorwp_ajax_import_automation_from_url` endpoint, preventing unauthorized automation creation. Additionally, restrict access to the WordPress admin panel and enforce strong password policies to limit the potential for privilege escalation. After upgrading, verify the fix by attempting to create an automation as a Subscriber-level user and confirming that the action is denied.
Update the AutomatorWP plugin to the latest available version to fix the vulnerability. The missing capability check allows users with Subscriber privileges to execute arbitrary code, which could result in remote code execution or privilege escalation. Make sure to back up your website before updating.
CVE-2025-9539 is a Remote Code Execution vulnerability in the AutomatorWP WordPress plugin, allowing authenticated attackers to create malicious automations.
You are affected if your WordPress site uses the AutomatorWP plugin in versions 0.0.0 through 5.3.6. Upgrade immediately.
Upgrade the AutomatorWP plugin to the latest available version. Implement WAF rules as a temporary workaround until the patch is applied.
While no active exploitation has been confirmed, the vulnerability's nature suggests a high likelihood of exploitation, and monitoring is crucial.
Check the AutomatorWP plugin website and WordPress plugin repository for the official advisory and patch release.