• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
AimactGrow
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
AimactGrow
No Result
View All Result

WordPress Scraper Plugin Compromised By Safety Vulnerability

Admin by Admin
May 16, 2025
Home SEO
Share on FacebookShare on Twitter


A WordPress plugin that mechanically posts content material scraped from different web sites has been found to include a crucial vulnerability that enables anybody to add malicious recordsdata to affected web sites. The severity of the vulnerability is rated at 9.8 on a scale of 1-10.

Crawlomatic Multisite Scraper Put up Generator Plugin for WordPress

The Crawlomatic WordPress plugin is offered by way of the Envato CodeCanyon retailer for $59 per license. It permits customers to crawl boards, climate statistics, articles from RSS feeds, and immediately scrape the content material from different web sites after which mechanically publish the content material on the person’s web site.

The plugin’s Envato CodeCanyon internet web page encompasses a banner that notes that the creator of the plugin has been acknowledged for having met “WordPress high quality requirements” and shows a badge indicating that it’s “Envato WP Necessities Compliant,” a sign that it meets Envato’s “safety, high quality, efficiency and coding requirements in WordPress plugins and themes.”

The plugin’s listing web page explains that it it will possibly crawl and scrape just about any web site, together with JavaScript-based websites, promising that it will possibly flip a person’s web site right into a “cash making machine.”

Unauthenticated Arbitrary File Add

The Crawlomatic WordPress plugin is lacking a filetype validation examine in all model previous to and together with model 2.6.8.1.

In accordance with a warning posted on Wordfence:

“The Crawlomatic Multipage Scraper Put up Generator plugin for WordPress is weak to arbitrary file uploads because of lacking file sort validation within the crawlomatic_generate_featured_image() operate in all variations as much as, and together with, 2.6.8.1. This makes it attainable for unauthenticated attackers to add arbitrary recordsdata on the affected web site’s server which can make distant code execution attainable.”

Customers of the plugin are really useful by Wordfence to replace to no less than model 2.6.8.2.

Learn extra at Wordfence:

Crawlomatic Multipage Scraper Put up Generator <= 2.6.8.1 – Unauthenticated Arbitrary File Add

Featured Picture by Shutterstock/nakaridore

Tags: CompromisedPluginScraperSecurityVulnerabilityWordPress
Admin

Admin

Next Post
With AI, researchers predict the placement of just about any protein inside a human cell | MIT Information

With AI, researchers predict the placement of just about any protein inside a human cell | MIT Information

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

Witcher season 4 trailer places Liam Hemsworth’s Geralt into motion

Witcher season 4 trailer places Liam Hemsworth’s Geralt into motion

September 14, 2025
The Obtain: How AI actually works, and phasing out animal testing

The Obtain: How AI actually works, and phasing out animal testing

November 15, 2025

Trending.

Nsfw Chatgpt Options – Examples I’ve Used

Nsfw Chatgpt Options – Examples I’ve Used

October 13, 2025
ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

June 24, 2026
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

June 25, 2026
Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

September 23, 2025
Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

June 29, 2026

AimactGrow

Welcome to AimactGrow, your ultimate source for all things technology! Our mission is to provide insightful, up-to-date content on the latest advancements in technology, coding, gaming, digital marketing, SEO, cybersecurity, and artificial intelligence (AI).

Categories

  • AI
  • Coding
  • Cybersecurity
  • Digital marketing
  • Gaming
  • SEO
  • Technology

Recent News

This ransomware negotiator was paid to battle hackers, he was secretly working with them as a substitute

This ransomware negotiator was paid to battle hackers, he was secretly working with them as a substitute

July 12, 2026
Warframe’s Banshee is getting a rework

Warframe’s Banshee is getting a rework

July 12, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved