CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

May 17, 2025

CVE ID : CVE-2025-4389

Published : May 17, 2025, 6:15 a.m. | 2 hours, 29 minutes ago

Description : The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4819 – Y_Project RuoYi Remote Improper Authorization Vulnerability

Next Article CVE-2025-3812 – WordPress WPBot Pro File Deletion Vulnerability

CSS Intelligence: Speculating On The Future Of A Smarter Language

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

CompTIA State of the Tech Workforce 2025 released, Meta joins Kotlin Foundation, Percona launches Transparent Data Encryption for PostgreSQL – Daily News Digest

Turning User Research Into Real Organizational Change

Sam Altman says his CEO ouster “wasn’t the craziest thing that would happen in OpenAl’s history” — neither will Meta’s $100 million raid on the firm’s top AI talent

Can OpenAI’s mandatory week-long break fend off Meta’s $100 million talent grab? — “Someone has broken into our home”

Marvel Rivals Season 3 is bringing Blade and Phoenix — but I need this balance issue fixed

Wuchang: Fallen Feathers is a Soulslike RPG that’s coming to Xbox Game Pass — after playing it, I still have these concerns

Trust but Verify: The Curious Case of AI Hallucinations

Trust but Verify: The Curious Case of AI Hallucinations

From Flow to Fabric: Connecting Power Automate to Microsoft Fabric

Flutter Web Hot Reload Has Landed – No More Refreshes!

Sam Altman says his CEO ouster “wasn’t the craziest thing that would happen in OpenAl’s history” — neither will Meta’s $100 million raid on the firm’s top AI talent

Sam Altman says his CEO ouster “wasn’t the craziest thing that would happen in OpenAl’s history” — neither will Meta’s $100 million raid on the firm’s top AI talent

Can OpenAI’s mandatory week-long break fend off Meta’s $100 million talent grab? — “Someone has broken into our home”

Marvel Rivals Season 3 is bringing Blade and Phoenix — but I need this balance issue fixed

CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine

CVE-2025-3358 – CVE-2022-36337 Oracle WebLogic Server Cross-Site Scripting

CVE-2023-37535 – HCL Domino Volt and Domino Leap Unvalidated Request Parameter Vulnerability

OpenAI’s largest acquisition could help CEO Sam Altman make coders 10x more productive with “Windsurf” agentic IDE

MonetDB is a high performance relational database system for analytics

Amazon DynamoDB data modeling for Multi-Tenancy – Part 1

Introducing Gemini: our largest and most capable AI model

Sublime Text Releases Update With Support for Right Sidebar

CVE-2025-6006 – kiCode111 like-girl SQL Injection Vulnerability

CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

Related Posts