CVE-2025-49293

CVE-2025-49293 is a Missing Authorization vulnerability in the WordPress plugin Crawlomatic Multisite Scraper Post Generator. Exploitation could allow unauthorized access due to misconfigured access control. Affected versions are Crawlomatic Multisite Scraper Post Generator

CVE-2025-49293 WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2...

PT-2025-24228 · Unknown · Crawlomatic Multipage Scraper Post Generator

Name of the Vulnerable Software and Affected Versions: Crawlomatic Multisite Scraper Post Generator versions 2.6.8.2 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: For versions...

PT-2025-24227 · Unknown · Crawlomatic Multipage Scraper Post Generator

Name of the Vulnerable Software and Affected Versions: Crawlomatic Multisite Scraper Post Generator versions 2.6.8.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...

WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...

Malicious code in tradingv-scraper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d77275e798392b8c057b8a2e84fc0af74d6d01c3a2d426ee0b05ef9ce80a6b3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4696 Malicious code in tradingv-scraper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d77275e798392b8c057b8a2e84fc0af74d6d01c3a2d426ee0b05ef9ce80a6b3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-37208

Server-Side Request Forgery SSRF vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7...

CVE-2024-3663

The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...

CVE-2025-4389 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomaticgeneratefeaturedimage function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to...

WordPress plugin Crawlomatic Multipage Scraper Post Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

PT-2025-21776

Name of the Vulnerable Software and Affected Versions: Crawlomatic Multipage Scraper Post Generator plugin for WordPress versions up to, and including, 2.6.8.1 Description: The issue is related to arbitrary file uploads due to missing file type validation in the crawlomatic generate featured imag...

WordPress Crawlomatic Multipage Scraper Post Generator plugin <= 2.6.8.1 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.1...

Malicious code in nazir-scraper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48a115000dc7228960ddb820e0687c73a67dccfb4f2eddcfc17b52247ba9a26c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2183 Malicious code in nazir-scraper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48a115000dc7228960ddb820e0687c73a67dccfb4f2eddcfc17b52247ba9a26c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-22775

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through = 5.1.3...

CVE-2024-56800

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

WordPress plugin Catalog Importer, Scraper & Crawler 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Catalog Importer, Scraper & Crawler versions = 5.1.3...