{"id":43261,"date":"2025-05-23T17:20:37","date_gmt":"2025-05-23T17:20:37","guid":{"rendered":""},"modified":"2025-06-04T11:01:39","modified_gmt":"2025-06-04T17:01:39","slug":"cve-2025-4389-arbitrary-file-upload-vulnerability-in-wordpress-crawlomatic-multipage-scraper-post-generator-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-4389-arbitrary-file-upload-vulnerability-in-wordpress-crawlomatic-multipage-scraper-post-generator-plugin\/","title":{"rendered":"CVE-2025-4389: Arbitrary File Upload Vulnerability in WordPress Crawlomatic Multipage Scraper Post Generator Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the rapidly evolving digital landscape, cybersecurity threats are a persistent concern. One such vulnerability has been identified in the Crawlomatic Multipage Scraper Post Generator plugin for WordPress, a popular content management system. This vulnerability, labeled as CVE-2025-4389, allows for arbitrary file uploads, opening potential doors for unauthenticated attackers to compromise systems<\/a>.
\nThe severity of this threat is significant, given the widespread use of WordPress and the popularity of the Crawlomatic plugin<\/a>. This vulnerability puts at risk millions of websites, potentially enabling hackers to execute remote code<\/a>, compromise systems, or leak sensitive data, making it a matter of urgent concern for administrators, developers, and users alike.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-4389
\nSeverity: Critical (9.8 CVSS Severity Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n