CVE-2026-2269: CWE-434 Unrestricted Upload of File with Dangerous Type in uncannyowl Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the download_url() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Additionally, the plugin stores the contents of the remote files on the server, which can be leveraged to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI Analysis
Technical Summary
The Uncanny Automator plugin for WordPress contains a Server-Side Request Forgery vulnerability in the download_url() function affecting all versions up to 7.0.0.3. Authenticated attackers with Administrator privileges can leverage this flaw to make arbitrary web requests originating from the server, potentially accessing or altering internal services. Furthermore, the plugin's behavior of storing remote file contents on the server can be abused to upload arbitrary files, increasing the risk of remote code execution. The vulnerability is tracked as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS v3.1 score of 7.2, indicating high severity.
Potential Impact
An attacker with Administrator-level access can exploit this vulnerability to perform SSRF attacks, enabling them to interact with internal services that may not be directly accessible. The ability to upload arbitrary files to the server increases the risk of remote code execution, potentially compromising the entire web application and underlying server. This could lead to full system compromise, data theft, or service disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Administrator-level access to trusted users only. Monitor for plugin updates from the vendor and apply them promptly once released. Avoid using the affected plugin versions in sensitive environments.
CVE-2026-2269: CWE-434 Unrestricted Upload of File with Dangerous Type in uncannyowl Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Description
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the download_url() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Additionally, the plugin stores the contents of the remote files on the server, which can be leveraged to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Uncanny Automator plugin for WordPress contains a Server-Side Request Forgery vulnerability in the download_url() function affecting all versions up to 7.0.0.3. Authenticated attackers with Administrator privileges can leverage this flaw to make arbitrary web requests originating from the server, potentially accessing or altering internal services. Furthermore, the plugin's behavior of storing remote file contents on the server can be abused to upload arbitrary files, increasing the risk of remote code execution. The vulnerability is tracked as CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS v3.1 score of 7.2, indicating high severity.
Potential Impact
An attacker with Administrator-level access can exploit this vulnerability to perform SSRF attacks, enabling them to interact with internal services that may not be directly accessible. The ability to upload arbitrary files to the server increases the risk of remote code execution, potentially compromising the entire web application and underlying server. This could lead to full system compromise, data theft, or service disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Administrator-level access to trusted users only. Monitor for plugin updates from the vendor and apply them promptly once released. Avoid using the affected plugin versions in sensitive environments.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-02-09T23:43:27.276Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a644edd1a09e29cb9ed2ab
Added to database: 3/3/2026, 2:18:21 AM
Last enriched: 4/9/2026, 6:39:02 PM
Last updated: 4/17/2026, 7:55:10 AM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.