CVE-2025-49293
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-06

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through <= 2.6.8.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-06
Last Modified
2026-04-23
Generated
2026-05-06
AI Q&A
2025-06-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-49293
EUVD
EUVD-2025-17269
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-49293 is a Broken Access Control vulnerability in the WordPress plugin "Crawlomatic Multisite Scraper Post Generator" (versions up to 2.6.8.2). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing users with low privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. This means that access control is incorrectly configured, enabling unauthorized actions. [1]


How can this vulnerability impact me? :

This vulnerability can allow unprivileged users to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or operations within the affected WordPress plugin. Although it has a low severity rating (CVSS 4.3) and is considered unlikely to be exploited, attackers may still attempt opportunistic automated attacks on vulnerable sites. If exploited, it could compromise the integrity of the site or its content. Users are advised to update to version 2.6.9 or later to mitigate the risk. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves checking for unauthorized actions performed by users with Subscriber-level privileges that should require higher privileges. Since the vulnerability is due to missing authorization checks in certain plugin functions, monitoring logs for suspicious privilege escalation attempts or unexpected plugin activity is recommended. Patchstack suggests professional incident response or server-side malware scanning rather than relying on plugin-based scanners, which can be tampered with. Specific commands are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the Crawlomatic Multisite Scraper Post Generator plugin to version 2.6.9 or later, which contains the fix for this vulnerability. Alternatively, applying Patchstack's virtual patching (vPatching) can auto-mitigate the issue before official patches are applied. Additionally, monitoring for suspicious activity and considering professional incident response or server-side malware scanning is advised in case of compromise. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart