CVE-2024-2667
- EPSS 90.71%
- Veröffentlicht 02.05.2024 17:15:18
- Zuletzt bearbeitet 08.04.2026 19:21:10
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0...
CVE-2024-25918
- EPSS 0.76%
- Veröffentlicht 03.04.2024 12:15:10
- Zuletzt bearbeitet 01.04.2026 16:16:48
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
CVE-2024-23507
- EPSS 0.44%
- Veröffentlicht 31.01.2024 12:16:06
- Zuletzt bearbeitet 01.04.2026 16:16:46
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2024-23506
- EPSS 0.28%
- Veröffentlicht 27.01.2024 00:15:24
- Zuletzt bearbeitet 01.04.2026 16:16:46
Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2023-3956
- EPSS 0.47%
- Veröffentlicht 27.07.2023 07:15:09
- Zuletzt bearbeitet 08.04.2026 18:18:11
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it...