{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:01:57.738","vulnerabilities":[{"cve":{"id":"CVE-2026-2269","sourceIdentifier":"security@wordfence.com","published":"2026-03-03T02:16:10.510","lastModified":"2026-03-03T21:52:29.877","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the download_url() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Additionally, the plugin stores the contents of the remote files on the server, which can be leveraged to upload arbitrary files on the affected site's server which may make remote code execution possible."},{"lang":"es","value":"El plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin para WordPress es vulnerable a falsificación de petición del lado del servidor en todas las versiones hasta la 7.0.0.3, inclusive, a través de la función download_url(). Esto hace posible que atacantes autenticados, con acceso de nivel de Administrador y superior, realicen peticiones web a ubicaciones arbitrarias originadas desde la aplicación web y puede utilizarse para consultar y modificar información de servicios internos. Además, el plugin almacena el contenido de los archivos remotos en el servidor, lo que puede aprovecharse para subir archivos arbitrarios en el servidor del sitio afectado, lo que podría hacer posible la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3471238/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80848de3-a772-4078-aa04-29e1d6e3ff73?source=cve","source":"security@wordfence.com"}]}}]}