Instawp Connect vulnerabilities
13 known vulnerabilities affecting instawp/instawp_connect.
Total CVEs: 13
CISA KEV: 0
Public exploits: 3
Exploited in wild: 7
Severity breakdown: CRITICAL 5, HIGH 5, MEDIUM 3
Vulnerabilities
CVE-2024-2667 | P1 | CRITICAL | CVSS 9.8 | CWE-434 | Exploited | PoC | fixed in 0.1.0.23 | 2024-05-02
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
nvd
CVE-2024-4898 | P1 | CRITICAL | CVSS 9.8 | CWE-862 | Exploited | PoC | fixed in 0.1.0.39 | 2024-06-12
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create
nvd
CVE-2024-22145 | P2 | HIGH | CVSS 8.8 | CWE-266 | Exploited | PoC | fixed in 0.1.0.9 | ≤ 0.1.0.8 | 2024-05-17
Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
nvd
CVE-2024-37228 | P1 | CRITICAL | CVSS 9.8 | CWE-434 | Exploited | fixed in 0.1.0.39 | ≤ 0.1.0.38 | 2024-06-24
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.38.
nvd
CVE-2024-25918 | P2 | HIGH | CVSS 8.8 | CWE-94 | Exploited | fixed in 0.1.0.9 | ≤ 0.1.0.8 | 2024-04-03
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
nvd
CVE-2024-23506 | P2 | MEDIUM | CVSS 6.5 | CWE-201 | Exploited | ≤ 0.1.0.9 | 2024-01-27
Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
nvd
CVE-2024-23507 | P2 | HIGH | CVSS 8.8 | CWE-89 | Exploited | ≤ 0.1.0.9 | 2024-01-31
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
nvd
CVE-2024-6397 | P2 | CRITICAL | CVSS 9.8 | CWE-288 | fixed in 0.1.0.45 | 2024-07-11
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they ha
nvd
CVE-2023-3956 | P3 | CRITICAL | CVSS 9.8 | CWE-862 | ≤ 0.0.9.18 | 2023-07-27
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate
nvd
CVE-2024-32701 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 0.1.0.25 | ≤ 0.1.0.24 | 2024-06-09
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.24.
nvd
CVE-2025-31387 | P3 | HIGH | CVSS 7.5 | CWE-98 | ≤ 0.1.0.82 | 2025-03-31
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect instawp-connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through <= 0.1.0.82.
nvd
CVE-2025-66068 | P4 | MEDIUM | CVSS 6.5 | CWE-862 | ≤ 0.1.1.9 | 2025-12-18
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.
nvd
CVE-2026-39504 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≤ 0.1.2.5 | 2026-04-08
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.
nvd