9.8
CVE-2024-2667
- EPSS 5.75%
- Veröffentlicht 02.05.2024 17:15:18
- Zuletzt bearbeitet 08.04.2026 19:21:10
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginInstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
Mögliche Gegenmaßnahme
InstaWP Connect – 1-click WP Staging & Migration: Update to version 0.1.0.23, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Instawp ≫ Instawp Connect SwPlatformwordpress Version < 0.1.0.23
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
InstaWP Connect – 1-click WP Staging & Migration
Version
*-0.1.0.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.75% | 0.921 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea