Uncanny Owl — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting Uncanny Owl. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Uncanny Owl develops security testing tools, primarily focusing on web application vulnerability assessment. Historically, their products have been associated with multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, contributing to 18 CVEs to date. These issues often stem from improper input validation and insecure default configurations. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their testing tools raises concerns about the security of the products designed to identify flaws in other systems.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-66056 | WordPress Uncanny Automator plugin < 6.10.0 - Sensitive Data Exposure vulnerability — Uncanny Automator (CWE-497) | 4.3 | Medium | 2025-11-21 |
| CVE-2025-57988 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.7.0.3 - Cross Site Scripting (XSS) Vulnerability — Uncanny Toolkit for LearnDash (CWE-79) | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58193 | WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability — Uncanny Automator (CWE-862) | 4.3 | Medium | 2025-08-27 |
| CVE-2025-48133 | WordPress Uncanny Automator plugin <= 6.4.0.2 - Broken Access Control Vulnerability — Uncanny Automator (CWE-862) | 6.5 | Medium | 2025-06-05 |
| CVE-2025-48080 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability — Uncanny Toolkit for LearnDash (CWE-79) | 6.5 | Medium | 2025-05-16 |
| CVE-2025-22268 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.1 - Cross Site Scripting (XSS) vulnerability — Uncanny Toolkit for LearnDash (CWE-79) | 6.5 | Medium | 2025-04-15 |
| CVE-2024-37438 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability — Uncanny Toolkit Pro for LearnDash (CWE-352) | 5.4 | Medium | 2025-01-02 |
| CVE-2023-34019 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability — Uncanny Toolkit for LearnDash (CWE-862) | 6.5 | Medium | 2024-12-13 |
| CVE-2024-37119 | WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability — Uncanny Automator Pro (CWE-862) | 5.3 | Medium | 2024-11-01 |
| CVE-2024-37439 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability — Uncanny Toolkit Pro for LearnDash (CWE-862) | 5.4 | Medium | 2024-11-01 |
| CVE-2024-8350 | Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add — Uncanny Groups for LearnDash (CWE-862) | 2.7 | Low | 2024-09-25 |
| CVE-2024-8349 | Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation — Uncanny Groups for LearnDash (CWE-862) | 7.2 | High | 2024-09-25 |
| CVE-2024-39656 | WordPress Tin Canny Reporting for LearnDash plugin <= 4.3.0.7 - Reflected Cross Site Scripting (XSS) vulnerability — Tin Canny Reporting for LearnDash (CWE-79) | 7.1 | High | 2024-08-01 |
| CVE-2024-37117 | WordPress Uncanny Automator Pro plugin <= 5.3 - Reflected Cross Site Scripting (XSS) vulnerability — Uncanny Automator Pro (CWE-79) | 7.1 | High | 2024-07-22 |
| CVE-2024-37436 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Uncanny Toolkit Pro for LearnDash (CWE-79) | 7.1 | High | 2024-07-22 |
| CVE-2024-37118 | WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability — Uncanny Automator Pro | 5.4 | Medium | 2024-06-21 |
| CVE-2023-34020 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability — Uncanny Toolkit for LearnDash (CWE-601) | 4.7 | Medium | 2024-03-27 |
| CVE-2023-23714 | WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF) — Uncanny Toolkit for LearnDash (CWE-352) | 4.3 | Medium | 2023-05-26 |

This page lists every published CVE security advisory associated with Uncanny Owl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.