Crawlomatic Multipage Scraper Post Generator
by WordPress
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4389 | Cri | 0.64 | 9.8 | 0.01 | May 17, 2025 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for… | ||
| CVE-2026-9009 | Hig | 0.57 | 8.8 | 0.00 | May 28, 2026 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' shortcode attribute directly into… | ||
| CVE-2025-49294 | Med | 0.34 | 5.3 | 0.00 | Jun 6, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator:… | ||
| CVE-2025-49293 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crawlomatic Multisite Scraper Post… |
- risk 0.64cvss 9.8epss 0.01
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for…
- risk 0.57cvss 8.8epss 0.00
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to passing the attacker-supplied 'callback_raw' shortcode attribute directly into…
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator:…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crawlomatic Multisite Scraper Post…