CVE-2024-37119
📋 TL;DR
This vulnerability allows unauthenticated attackers to reset license settings in the Uncanny Automator Pro WordPress plugin. It affects all WordPress sites running Uncanny Automator Pro versions up to and including 5.3.0.0, potentially disrupting automated workflows and business processes.
💻 Affected Systems
- Uncanny Automator Pro WordPress Plugin
📦 What is this software?
Uncanny Automator by Uncannyowl
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable all automated workflows, disrupt business operations, and potentially gain unauthorized access to connected systems through broken automation chains.
Likely Case
Attackers reset license settings, causing automated workflows to stop functioning until reconfiguration, leading to operational disruption.
If Mitigated
With proper network segmentation and web application firewalls, impact is limited to temporary workflow disruption requiring reconfiguration.
🎯 Exploit Status
The vulnerability is publicly documented with technical details, making exploitation straightforward for attackers with basic web security knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.0.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Uncanny Automator Pro and click 'Update Now'.
4. Verify the version is 5.3.0.1 or higher.
🔧 Temporary Workarounds
Web Application Firewall Rule
Block requests to vulnerable endpoints using WAF rules
Block POST requests to /wp-admin/admin-ajax.php with action parameter containing 'license' or 'automator'
Temporary Plugin Deactivation
Disable Uncanny Automator Pro until patched
wp plugin deactivate uncanny-automator-pro
🧯 If You Can't Patch
- Implement strict network access controls to limit access to WordPress admin interface
- Deploy web application firewall with rules to block exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Uncanny Automator Pro → Version. If version is 5.3.0.0 or lower, you are vulnerable.
Check Version:
wp plugin get uncanny-automator-pro --field=version
Verify Fix Applied:
After updating, verify version shows 5.3.0.1 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action parameters like 'license_reset', 'automator_license'
- Unusual license reset events in WordPress logs
Network Indicators:
- HTTP POST requests to WordPress admin-ajax endpoint with license-related parameters from unauthorized IPs
SIEM Query:
source="wordpress.log" AND ("admin-ajax.php" AND ("license" OR "automator")) AND status=200
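An added Python example (not part of this advisory or of the Uncanny Automator project) that implements the version check from "How to Verify" and the log indicators from "Detection & Monitoring" over constructed access-log lines. The action names are the advisory's indicator terms; the Combined Log Format, the IP allowlist and the sample lines are assumptions, and the code notes the caveat that admin-ajax usually receives `action` in the POST body, which access logs do not record.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format (Apache/nginx); only the fields needed below are named.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
SUSPICIOUS_TERMS = ("license", "automator")  # indicator terms from the advisory
LAST_VULNERABLE = (5, 3, 0, 0)               # "5.3.0.0 or lower" per the advisory

def is_vulnerable(version: str) -> bool:
    """Numeric, not string, comparison so that 5.10.x is correctly newer than 5.3.x."""
    parts = [int(p) for p in version.strip().split(".")]
    parts += [0] * (len(LAST_VULNERABLE) - len(parts))  # pad "5.3" -> 5.3.0.0
    return tuple(parts) <= LAST_VULNERABLE

def parse_line(line: str):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(rec: dict, trusted_ips=frozenset()) -> bool:
    """POST to admin-ajax.php whose `action` contains an indicator term,
    sent from an IP that is not on the allowlist of known admin addresses."""
    if rec["method"] != "POST":
        return False
    url = urlsplit(rec["path"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    # Caveat: admin-ajax usually receives `action` in the POST body, which access
    # logs do not record; this only sees actions passed in the query string.
    # Body-level visibility needs WAF or application-side logging.
    actions = parse_qs(url.query).get("action", [])
    if not any(t in a.lower() for a in actions for t in SUSPICIOUS_TERMS):
        return False
    return rec["ip"] not in trusted_ips

def scan(lines, trusted_ips=frozenset()):
    """Return (ip, status, path) for each log line matching the indicators."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec, trusted_ips):
            hits.append((rec["ip"], rec["status"], rec["path"]))
    return hits

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=license_reset HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jun/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jun/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=automator_license HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=license_reset HTTP/1.1" 403 0 "-" "curl/8.0"',
]
```

Running `scan(SAMPLE_LOG, trusted_ips=frozenset({"192.0.2.10"}))` flags only the first line: the heartbeat action carries no indicator term, the third line comes from an allowlisted address, and the fourth is a GET.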