Wiz
Vulnerability DatabaseCVE-2025-4389

CVE-2025-4389
WordPress vulnerability analysis and mitigation

Overview

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress contains a critical security vulnerability (CVE-2025-4389) discovered on May 17, 2025. The vulnerability affects versions up to and including 2.6.8.1, where missing file type validation in the crawlomaticgeneratefeatured_image() function allows unauthenticated attackers to upload arbitrary files to affected sites (NVD CVE, Wiz Report).

Technical details

The vulnerability stems from insufficient file type validation in the crawlomaticgeneratefeatured_image() function. It has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL), indicating the highest severity level. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD CVE, Wiz Report).

Impact

The vulnerability enables unauthenticated attackers to upload arbitrary files to the affected site's server. This capability could potentially lead to remote code execution, giving attackers complete control over the affected WordPress installation (NVD CVE, Wiz Report).

Mitigation and workarounds

Website administrators running the Crawlomatic Multipage Scraper Post Generator plugin should immediately update to a version newer than 2.6.8.1 if available. If no patch is available, it is recommended to disable or remove the plugin until a security fix is released (Wiz Report).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo