A critical security vulnerability has been identified in the popular WordPress plugin Crawlomatic Multisite Scraper Post Generator. The flaw allows attackers to upload malicious files without authentication, putting thousands of websites that use the plugin at significant risk of remote code execution and compromise. #WordPress #WebsiteSecurity
Key points
- The vulnerability CVE-2025-4389 affects all versions of Crawlomatic up to 2.6.8.1.
- Attackers can exploit the flaw to upload arbitrary files, including malicious scripts, without requiring user credentials.
- The issue can lead to complete remote control of affected websites, posing a critical security threat with a CVSS score of 9.8.
- The plugin's developer released a patched version 2.6.8.2 that fixes the file validation weakness.
- Website owners are urged to update to the latest version immediately to prevent potential exploitation and severe damage.
Read More: https://thecyberexpress.com/crawlomatic-plugin-hit-by-cve-2025-4389/