WordPress Crawlomatic Multipage Scraper Post Generator plugin <= 2.7.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.7.2...

CVE-2026-9009 Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...

CVE-2026-9009 Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...

PT-2026-44190

Name of the Vulnerable Software and Affected Versions Crawlomatic Multipage Scraper Post Generator versions prior to 2.7.3 Description The plugin allows authenticated attackers with author-level access and above to execute arbitrary code on the server. This occurs within the filter content functi...

EUVD-2025-15567

Malicious code in bioql PyPI...

WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability

Sensitive Data Exposure via Log Exposure vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...

CVE-2025-4389

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomaticgeneratefeaturedimage function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to...

CVE-2025-4389

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomaticgeneratefeaturedimage function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to...

CVE-2025-4389

The CVE-2025-4389 entry concerns the WordPress plugin Crawlomatic Multipage Scraper Post Generator. A missing file type validation in the function crawlomatic_generate_featured_image() allows unauthenticated arbitrary file uploads in all versions up to 2.6.8.1, potentially enabling remote code ex...

CVE-2025-4389 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomaticgeneratefeaturedimage function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to...

WordPress plugin Crawlomatic Multipage Scraper Post Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...