Unauthenticated Arbitrary File Upload in WordPress WooCommerce Scraper Plugin
CVE-2025-69129

10CRITICAL

Key Information:

Vendor: WordPress
Status: WordPress & WooCommerce Scraper Plugin, Import Data From Any Site
Vendor: CVE Published:; 17 June 2026

What is CVE-2025-69129?

This vulnerability allows unauthenticated attackers to upload arbitrary files through the WordPress WooCommerce Scraper Plugin, specifically in versions up to and including 1.0.7. The flaw can be exploited to gain unauthorized access to the server, potentially leading to further security breaches. Users of the affected plugin are advised to apply security mitigations and update to the latest version to protect against potential exploitation.

Affected Version(s)

WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7

References

https://patchstack.com/database/wordpress/plugin/wp_scrap...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Dec 29, 2025

Credit

Denver Jackson | Patchstack Bug Bounty Program

CVE-2025-69129 Data

JSON