190 matches found
WordPress plugin Crawlomatic Multipage Scraper Post Generator 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
PT-2025-21776
Name of the Vulnerable Software and Affected Versions: Crawlomatic Multipage Scraper Post Generator plugin for WordPress versions up to, and including, 2.6.8.1 Description: The issue is related to arbitrary file uploads due to missing file type validation in the crawlomatic generate featured imag...
WordPress Crawlomatic Multipage Scraper Post Generator plugin <= 2.6.8.1 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.1...
Malicious code in nazir-scraper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48a115000dc7228960ddb820e0687c73a67dccfb4f2eddcfc17b52247ba9a26c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2183 Malicious code in nazir-scraper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48a115000dc7228960ddb820e0687c73a67dccfb4f2eddcfc17b52247ba9a26c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-22775
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through = 5.1.3...
CVE-2024-56800
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
WordPress plugin Catalog Importer, Scraper & Crawler 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Catalog Importer, Scraper & Crawler versions = 5.1.3...
CVE-2024-56800 Firecrawl has SSRF Vulnerability via malicious scrape target
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-56800
CVE-2024-56800 – Firecrawl SSRF vulnerability : Firecrawl (OSS) before v1.1.1 is affected by a server-side request forgery that can be triggered by a malicious scrape target redirecting to a local IP, enabling exfiltration of local network resources via the API. The cloud service was patched on 2...
PT-2024-37074
Name of the Vulnerable Software and Affected Versions Firecrawl versions prior to 1.1.1 Description Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. The scraping engine could be exploited by crafting a malicious site that redirects to a...
Malicious code in google-play-store (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0f8bc12f61546bde84dd1d7a64519fcdc55ce875b71f3d8d848d2d5daa2248d This is a copy of https://pypi.org/project/play-scraper/ with added a very questionable "telemetry": in scraper.py, L90 sends the user hostname, IP and the exa...
CVE-2024-37208
Server-Side Request Forgery SSRF vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7...
CVE-2024-37208 WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7...
CVE-2024-37208
CVE-2024-37208 is an SSRF issue in the WordPress WP Scraper plugin, affecting WP Scraper versions from n/a through 5.7. Connected sources describe the vulnerability as SSRF in WP Scraper and indicate it has been patched, with remediation to upgrade to a version later than 5.7. Public references (...
WordPress plugin WP Scraper code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2024-27376 · WordPress · Wp Scraper
Name of the Vulnerable Software and Affected Versions: WP Scraper versions 5.7 and earlier Description: A Server-Side Request Forgery SSRF issue has been identified. This issue allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources...
What?s That Scraping Sound? How Web Scraper Bots Erode Ecommerce Profits
...