Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in WordPress Crawlomatic Plugin
Alerts

Critical Vulnerability in WordPress Crawlomatic Plugin

20 May 2025

Wordfence has released security updates addressing a critical vulnerability affecting WordPress Crawlomatic Plugin. Users and administrators of affected products are advised to update to the latest versions.

Critical Vulnerability in WordPress Crawlomatic Plugin

Background

Wordfence has released security updates addressing a critical vulnerability (CVE-2025-4389) affecting WordPress Crawlomatic Plugin. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Impact

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files and perform remote code execution.

Affected Products

The vulnerability affects WordPress Crawlomatic Plugin versions 2.6.8.1 and earlier.

Mitigation

Users and administrators of affected products are advised to update to the latest versions.

References:

https://nvd.nist.gov/vuln/detail/CVE-2025-4389

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/crawlomatic-multipage-scraper-post-generator

https://thecyberexpress.com/crawlomatic-plugin-hit-by-cve-2025-4389/


Back to top