Instawp

Instawp Connect

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-66068

  • EPSS 0.04%
  • Veröffentlicht 18.12.2025 07:22:17
  • Zuletzt bearbeitet 20.01.2026 15:19:01

Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.

9.8

CVE-2025-2636

  • EPSS 10.16%
  • Veröffentlicht 11.04.2025 04:21:30
  • Zuletzt bearbeitet 11.04.2025 15:39:52

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated at...

7.5

CVE-2025-31387

  • EPSS 0.5%
  • Veröffentlicht 31.03.2025 06:15:30
  • Zuletzt bearbeitet 01.04.2025 20:26:30

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.

8.8

CVE-2024-13913

  • EPSS 0.14%
  • Veröffentlicht 14.03.2025 06:15:24
  • Zuletzt bearbeitet 14.03.2025 06:15:24

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main...

9.8

CVE-2024-6397

  • EPSS 0.59%
  • Veröffentlicht 11.07.2024 04:15:05
  • Zuletzt bearbeitet 21.11.2024 09:49:34

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unaut...

9.8

CVE-2024-37228

  • EPSS 0.85%
  • Veröffentlicht 24.06.2024 13:15:10
  • Zuletzt bearbeitet 06.02.2025 15:04:42

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.

9.8

CVE-2024-4898

  • EPSS 90.04%
  • Veröffentlicht 12.06.2024 11:15:50
  • Zuletzt bearbeitet 21.11.2024 09:43:49

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for...

8.8

CVE-2024-32701

  • EPSS 0.22%
  • Veröffentlicht 09.06.2024 18:15:10
  • Zuletzt bearbeitet 21.11.2024 09:15:30

Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24.

8.8

CVE-2024-22145

  • EPSS 17.82%
  • Veröffentlicht 17.05.2024 09:15:21
  • Zuletzt bearbeitet 07.02.2025 18:35:55

Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.

9.8

CVE-2024-2667

  • EPSS 90.14%
  • Veröffentlicht 02.05.2024 17:15:18
  • Zuletzt bearbeitet 06.02.2025 18:05:25

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0...