WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability
Description
The WordPress & WooCommerce Scraper plugin <=1.0.7 has an unauthenticated arbitrary file download vulnerability allowing attackers to retrieve sensitive files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Versions 1.0.7 and earlier of the plugin "WordPress & WooCommerce Scraper Plugin, Import Data from Any Site" contain an unauthenticated arbitrary file download vulnerability. An attacker can exploit it without any authentication or user interaction by sending a specially crafted request to download any file from the server [1].
Exploitation
An unauthenticated attacker can send a crafted HTTP request to the vulnerable endpoint, specifying a file path to download. No authentication or prior access is required. This can be automated for mass exploitation campaigns targeting thousands of websites [1].
Impact
Successful exploitation allows the attacker to download any file from the WordPress installation, including configuration files like wp-config.php that contain database credentials, backup files, and other sensitive data. This can lead to full site compromise [1].
Mitigation
The plugin should be updated to a patched version higher than 1.0.7. If immediate update is not possible, it is recommended to contact a hosting provider or web developer for assistance. The vulnerability is expected to be exploited in mass campaigns [1].
AI Insight generated on Jun 17, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.