CVE-2025-9542: 
WordPress vulnerability analysis and mitigation

The AutomatorWP – Automator plugin for WordPress (versions up to and including 5.3.7) contains a vulnerability identified as CVE-2025-9542. The vulnerability was discovered on September 9, 2025, and involves unauthorized access and modification of data due to missing capability checks on multiple plugin functions. This security issue affects WordPress installations using the AutomatorWP plugin (NVD).

The vulnerability stems from missing authorization checks in multiple plugin functions, which allows authenticated users with Subscriber-level access or higher to perform unauthorized actions. The issue has been assigned a CVSS v3.1 Base Score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD, Wordfence).

The vulnerability allows authenticated attackers with Subscriber-level access and above to modify integration settings and view existing automations within the WordPress installation. This unauthorized access could potentially compromise the intended automation workflows and expose sensitive configuration details (NVD).

A fix has been implemented in version 5.3.8 of the AutomatorWP plugin, as evidenced by the changelog updates. Users are advised to update to this version or later to address the vulnerability (WordPress Plugin Repository).