VYPR

Instawp Connect

by Instawp

CVEs (15)

  • CVE-2024-4898CriJun 12, 2024
    risk 0.71cvss 9.8epss 0.04

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers…

  • CVE-2024-2667CriMay 2, 2024
    risk 0.71cvss 9.8epss 0.06

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it…

  • CVE-2024-37228CriJun 24, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.38.

  • CVE-2024-25918CriApr 3, 2024
    risk 0.64cvss 9.9epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.

  • CVE-2024-22145HigMay 17, 2024
    risk 0.61cvss 8.8epss 0.01

    Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.

  • CVE-2024-6397CriJul 11, 2024
    risk 0.57cvss 9.8epss 0.01

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log…

  • CVE-2023-3956CriJul 27, 2023
    risk 0.57cvss 9.8epss 0.01

    The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated…

  • CVE-2024-23507HigJan 31, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.

  • CVE-2024-13913HigMar 14, 2025
    risk 0.50cvss 8.8epss 0.02

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it…

  • CVE-2024-23506HigJan 27, 2024
    risk 0.50cvss 7.7epss 0.01

    Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.

  • CVE-2025-31387HigMar 31, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect instawp-connect allows PHP Local File Inclusion.This issue affects InstaWP Connect: from n/a through <= 0.1.0.82.

  • CVE-2025-2636HigApr 11, 2025
    risk 0.46cvss 8.1epss 0.10

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and…

  • CVE-2025-66068MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.

  • CVE-2026-39504MedApr 8, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.

  • CVE-2024-32701MedJun 9, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.24.