WordPress Scraper Plugin Compromised By Security Vulnerability

May 17, 2025 | SEO News Feeds | 0 comments

Wordpress Scraper Plugin Compromised By Security Vulnerability.jpg



SEO Content Writing Service

A WordPress plugin that automatically posts content scraped from other websites has been discovered to contain a critical vulnerability that allows anyone to upload malicious files to affected websites. The severity of the vulnerability is rated at 9.8 on a scale of 1-10.

Crawlomatic Multisite Scraper Post Generator Plugin for WordPress

The Crawlomatic WordPress plugin is sold via the Envato CodeCanyon store for $59 per license. It enables users to crawl forums, weather statistics, articles from RSS feeds, and directly scrape the content from other websites and then automatically publish the content on the user’s website.

The plugin’s Envato CodeCanyon web page features a banner that notes that the author of the plugin has been recognized for having met “WordPress quality standards” and displays a badge indicating that it is “Envato WP Requirements Compliant,” an indication that it meets Envato’s “security, quality, performance and coding standards in WordPress plugins and themes.”

The plugin’s directory page explains that it it can crawl and scrape virtually any website, including JavaScript-based sites, promising that it can turn a user’s website into a “money making machine.”

Unauthenticated Arbitrary File Upload

The Crawlomatic WordPress plugin is missing a filetype validation check in all version prior to and including version 2.6.8.1.

According to a warning posted on Wordfence:

“The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.”

Users of the plugin are recommended by Wordfence to update to at least version 2.6.8.2.

Read more at Wordfence:

Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 – Unauthenticated Arbitrary File Upload

Featured Image by Shutterstock/nakaridore

Attorney Websites For Sale 4ebusiness Media Group

Source link


Anxiety Stress Management

Live a Life of Contentment eBook We all want to be satisfied, even though we know some people who will never be that way, and others who see satisfaction as a foreign emotion that they can’t hope to ever feel.

Newspaper Ads Canyon Crest CA

Click To See Full Page Ads

Click To See Half Page Ads

Click To See Quarter Page Ads

Click To See Business Card Size Ads

If you have questions before you order, give me a call @ 951-235-3518 or email @ canyoncrestnewspaper@gmail.com Like us on Facebook Here

You May Also Like

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Contact Us

Contact Us

Personal Injury Attorney

Websites For Sale Personal Injury Attorneys

Criminal Defense Attorneys

Websites For Sale Criminal Defense Attorney

Bankruptcy Attorneys

Websites For Sale Bankruptcy Attorneys

General Practice Attorneys

Websites For Sale General Practice Attorneys

Family Attorneys

Websites For Sale Family Attorneys

Corporate Attorneys

Websites For Sale Corporate Attorneys

4ebusiness Media Group

Our web agency is based in Riverside, CA since 2010. With a team of creative web developers and marketers, we have been providing high-quality, fast and affordable websites for small businesses.

QUICK LINKS

• About Us

• Our Services

• Contact

• Blog

CONTACT 

Phone number

(951) 235-3518

EMAIL

service4ebusiness@gmail.com

OFFICE HOUR

Monday-Friday: 10:00 – 5:00 PST

Riverside, California

Saturday: Closed

Sunday: Closed

Holidays: Closed

Copyright 2024 – 4ebusiness Media Group All Rights Reserved.

Home Privacy Policy Terms Of Use Anti Spam Policy Contact Us Affiliate Disclosure Amazon Affiliate Disclaimer DMCA Earnings Disclaimer