What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through <= 2.6.8.2.
Explanation of Vulnerability in Simple Terms
02Summary
Crawlomatic Multisite Scraper Post Generator versions 2.6.8.2 and earlier expose sensitive information that can be accessed over the network without authentication. An attacker can retrieve partial data from the affected system. No code execution or data modification is possible through this vulnerability.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the plugin without logging in.
Potential impact on your site
04Site Impact
Sensitive data may be exposed to unauthenticated visitors; assess what information the plugin stores.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
June 6, 2025
CVE published
April 28, 2026
Record updated