CVE-2025-49294 (GCVE-0-2025-49294)

Vulnerability from cvelistv5 – Published: 2025-06-06 12:53 – Updated: 2026-04-01 15:55
VLAI?
Title
WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through <= 2.6.8.2.
Severity ?
No CVSS data available.
CWE
  • CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
Vendor Product Version
CodeRevolution Crawlomatic Multisite Scraper Post Generator Affected: 0 , ≤ 2.6.8.2 (custom)
Create a notification for this product.
Date Public ?
2026-04-01 16:40
Credits
Anhchangmutrang | Patchstack Bug Bounty Program
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-06T19:01:10.557549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-06T19:23:22.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "crawlomatic-multipage-scraper-post-generator",
          "product": "Crawlomatic Multisite Scraper Post Generator",
          "vendor": "CodeRevolution",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.6.9",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.6.8.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anhchangmutrang | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:40:53.999Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through \u003c= 2.6.8.2.\u003c/p\u003e"
            }
          ],
          "value": "Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through \u003c= 2.6.8.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "Insertion of Sensitive Information Into Sent Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T15:55:14.222Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/crawlomatic-multipage-scraper-post-generator/vulnerability/wordpress-crawlomatic-multisite-scraper-post-generator-plugin-2-6-8-2-sensitive-data-exposure-via-log-exposure-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Crawlomatic Multisite Scraper Post Generator plugin \u003c= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-49294",
    "datePublished": "2025-06-06T12:53:46.025Z",
    "dateReserved": "2025-06-04T09:41:51.339Z",
    "dateUpdated": "2026-04-01T15:55:14.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-49294",
      "date": "2026-04-21",
      "epss": "0.00138",
      "percentile": "0.33847"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-49294\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2025-06-06T13:15:45.400\",\"lastModified\":\"2026-04-01T17:25:00.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through \u003c= 2.6.8.2.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en CodeRevolution Crawlomatic Multisite Scraper Post Generator permite recuperar datos confidenciales incrustados. Este problema afecta al generador de publicaciones Crawlomatic Multisite Scraper desde n/d hasta la versi\u00f3n 2.6.8.2.\"}],\"metrics\":{},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-201\"}]}],\"references\":[{\"url\":\"https://patchstack.com/database/Wordpress/Plugin/crawlomatic-multipage-scraper-post-generator/vulnerability/wordpress-crawlomatic-multisite-scraper-post-generator-plugin-2-6-8-2-sensitive-data-exposure-via-log-exposure-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49294\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-06T19:01:10.557549Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-06T19:01:09.550Z\"}}], \"cna\": {\"title\": \"WordPress Crawlomatic Multisite Scraper Post Generator plugin \u003c= 2.6.8.2 - Sensitive Data Exposure via Log Exposure vulnerability\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Anhchangmutrang | Patchstack Bug Bounty Program\"}], \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Retrieve Embedded Sensitive Data\"}]}], \"affected\": [{\"vendor\": \"CodeRevolution\", \"product\": \"Crawlomatic Multisite Scraper Post Generator\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"2.6.9\", \"status\": \"unaffected\"}], \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.6.8.2\"}], \"packageName\": \"crawlomatic-multipage-scraper-post-generator\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-01T16:40:53.999Z\", \"references\": [{\"url\": \"https://patchstack.com/database/Wordpress/Plugin/crawlomatic-multipage-scraper-post-generator/vulnerability/wordpress-crawlomatic-multisite-scraper-post-generator-plugin-2-6-8-2-sensitive-data-exposure-via-log-exposure-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through \u003c= 2.6.8.2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through \u003c= 2.6.8.2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-201\", \"description\": \"Insertion of Sensitive Information Into Sent Data\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2026-04-01T15:55:14.222Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-49294\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-01T15:55:14.222Z\", \"dateReserved\": \"2025-06-04T09:41:51.339Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2025-06-06T12:53:46.025Z\", \"assignerShortName\": \"Patchstack\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.