WordPress Automatic Plugin Vulnerability - CVE-2025-5395

Is your website using the WordPress Automatic Plugin - AI content generator and auto poster plugin from CodeCanyon?

If yes, you should update it immediately.

The vulnerability was published on June 10, 2025, and more details can be found on the CVE website(2025-5395).

The file type validation on uploads in the core.php file is insufficient, meaning that authors on your website can upload arbitrary files to your server, potentially take control, and harm your online reputation.

This vulnerability affects all versions of the WP Automatic plugin before and including version 3.115.0, so you should immediately upgrade to the patched version 3.116.0.

Need help? Just reach out!