- Description
- The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
CVE-2025-4389 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to mis..https://t.co/xSEExR5fBV #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
22 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A severe security vulnerability has been discovered in the popular WordPress plugin, Crawlomatic Multisite Scraper Post Generator, potentially placing thousands of websites at risk. Tracked as CVE-2025-4389, the flaw allows unauthenticated attackers to upload malicious files,
@cybertzar
20 May 2025
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4389 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_gen… https://t.co/UpiuUZTuP5
@CVEnew
17 May 2025
483 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes