Exploit for CVE-2025-4389

Name: Exploit for CVE-2025-4389
Rating: 5 (232 reviews)
2025-05-26 | CVSS 9.8
## https://sploitus.com/exploit?id=53AF1E06-02D7-5AC7-8A97-CDF5CD6CFAA3
# CVE-2025-4389 Exploit 

### Details

- **Published**: May 16, 2025
- **Updated**: May 17, 2025
- **Severity**: Critical (CVSS Score: 9.8 )
- **CWE**: CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
- **Affected Versions**: All versions from n/a through 2.6.8.1
- **Researcher**: https://www.wordfence.com/threat-intel/vulnerabilities/researchers/friderika-baranyai

### CVSS Vector

- **CVSS Version**: 9.8
- **Vector String**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

## Description

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

### Usage

```sh
usage: python3 CVE-2025-4389.py
```

## Script Details

### Installation

1. Clone the repository:
    ```sh
    git clone https://github.com/Yucaerin/CVE-2025-4389.git
    cd CVE-2025-4389
    ```
   
## Disclaimer

This script is intended for educational purposes only. Use it responsibly and only on systems for which you have explicit permission. Unauthorized use of this script is illegal and unethical.