CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

May 17, 2025

CVE ID : CVE-2025-4389

Published : May 17, 2025, 6:15 a.m. | 2 hours, 29 minutes ago

Description : The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4819 – Y_Project RuoYi Remote Improper Authorization Vulnerability

Next Article CVE-2025-3812 – WordPress WPBot Pro File Deletion Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

Minecraft licensing robbed us of this controversial NFL schedule release video

The power of generators

The power of generators

Simplify Factory Associations with Laravel’s UseFactory Attribute

This Week in Laravel: React Native, PhpStorm Junie, and more

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

CVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

CVE-2025-4818 – SourceCodester Doctor’s Appointment System SQL Injection

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Asset Prefetching Strategies with Vite in Laravel 11.21

Distribution Release: TrueNAS 25.04.0

A hybrid approach for homogeneous migration to an Amazon DocumentDB elastic cluster

Your AirPods might (finally) get Live-translate, according to a new report

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

Hulu’s $1 Black Friday deal is back: Get 1 year of Hulu for $1 a month

CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

Related Posts