CVE-2024-2667
published 2024-05-02CVE-2024-2667: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the…
PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
5.75%
92.1th percentile
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| instawp | instawp_connect | < 0.1.0.23 | 0.1.0.23 |
| instawp | instawp_connect_1-click_wp_staging_migration | <= 0.1.0.22 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring POST requests to the REST API endpoint /?rest_route=/instawp-connect/v1/config or /wp-json/instawp-connect/v1/config with the 'override_plugin_zip' parameter pointing to an external URL. ↗
- →A successful exploitation response returns HTTP 200 with a JSON body containing both '"status":true' and '"message":' fields and Content-Type of application/json. ↗
- →Identify vulnerable WordPress installations by searching for the presence of the InstaWP Connect plugin path in the page body. ↗
- →The attack is unauthenticated — no session or authentication token is required. Any POST to the config endpoint with override_plugin_zip should be treated as suspicious. ↗
- ·The vulnerability affects all versions up to and including 0.1.0.22. Version 0.1.0.23 and later are patched. Ensure detection rules are scoped to installations running vulnerable versions. ↗
- ·The Nuclei template uses an out-of-band interaction (interactsh) to confirm the server fetches the supplied override_plugin_zip URL, meaning passive network monitoring for outbound HTTP requests from the WordPress server triggered by this endpoint can also serve as a detection signal. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
vendor_redhat5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5qjg-g4mj-x7h7: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation
ghsa_unreviewed·2024-05-02
CVE-2024-2667 [CRITICAL] CWE-434 GHSA-5qjg-g4mj-x7h7: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
VulnCheck
InstaWP Connect 1-click WP Staging & Migration plugin for WordPress Arbitrary File Upload
vulncheck·2024·CVSS 9.8
CVE-2024-2667 [CRITICAL] InstaWP Connect 1-click WP Staging & Migration plugin for WordPress Arbitrary File Upload
InstaWP Connect 1-click WP Staging & Migration plugin for WordPress Arbitrary File Upload
The InstaWP Connect -- 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
Affected: InstaWP Connect 1-click WP Staging & Migration Plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-22-unau
Red Hat
kernel: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
vendor_redhat·2024-04-03·CVSS 5.3
CVE-2024-26731 [MEDIUM] CWE-362 kernel: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
kernel: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
syzbot reported the following NULL pointer dereference issue [1]:
BUG: kernel NULL pointer dereference, address: 0000000000000000
[...]
RIP: 0010:0x0
[...]
Call Trace:
sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230
unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0
No detection rules found.
Nuclei
InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
nuclei·CVSS 9.8
CVE-2024-2667 [CRITICAL] InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
Template:
id: CVE-2024-2667
info:
name: InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
author: DhiyaneshDK
severity: critical
description: |
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cvehttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cve
2024-05-02
Published
Exploited in the wild