CVE Catalog

CVE-2025-69131

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

The WordPress & WooCommerce Scraper plugin versions <= 1.0.7 allows unauthenticated arbitrary file downloads. This issue arises from improper input validation.

Risk Assessment

An attacker could exploit this vulnerability to download sensitive files from the server, potentially leading to data exposure or system compromise.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and conduct a security audit of the server.

Original NVD description (English source)

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS