Crawlomatic Plugin Patched for Critical RCE Flaw

A critical remote code execution vulnerability with a CVSS score of 9.8 has been patched in the Crawlomatic WordPress plugin, according to a notice published by cybersecurity sources. The flaw stemmed from a missing file type validation mechanism, which allowed attackers to upload arbitrary files to affected systems. This oversight enabled unauthorized users to execute malicious code remotely, posing a severe risk to website integrity and data security.

The vulnerability, if left unpatched, could have allowed threat actors to compromise websites running the plugin by uploading executable files disguised under legitimate formats. WordPress administrators using Crawlomatic are urged to update to the latest patched version immediately to mitigate potential exploitation.

Crawlomatic is widely used to automate content crawling and syndication across WordPress platforms. This security issue underscores the importance of strict input validation and file handling practices in plugin development. No incidents of exploitation were cited in the available information at the time of disclosure.
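The file type validation whose absence is described above can be sketched as follows. This is an added example, not Crawlomatic's code or its patch; `ALLOWED`, `validate_upload()` and the sample inputs are hypothetical, and the image-only allow-list is an assumption about what such a plugin needs to store.

```php
<?php
// Added example: allow-list validation for a file a plugin is about to store.
// ALLOWED and validate_upload() are hypothetical names, not Crawlomatic code.

const ALLOWED = [            // extension => MIME type the content must sniff as
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Returns a server-generated storage name, or null when the file is rejected.
 */
function validate_upload(string $clientName, string $bytes): ?string
{
    // 1. The final extension must be on the allow-list (case-insensitive).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }

    // 2. The content must be what the extension claims (libmagic sniffing).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }

    // 3. Never reuse the client-supplied name; keep only the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs (harmless placeholders, built for this example).
$samples = [
    'logo.gif'  => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",  // minimal GIF header
    'feed.php'  => "<?php echo 'constructed sample';",     // extension not allowed
    'photo.png' => "<?php echo 'constructed sample';",     // content does not match
];

foreach ($samples as $name => $bytes) {
    $stored = validate_upload($name, $bytes);
    printf("%-10s %s\n", $name, $stored === null ? 'rejected' : "stored as $stored");
}
```

The extension check is the primary control because the stored extension decides how the web server treats the file; the content check catches files whose bytes do not match the format their name claims.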
