cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2667,https://securityvulnerability.io/vulnerability/CVE-2024-2667,Unauthenticated File Upload Vulnerability in InstaWP Connect,"The InstaWP Connect plugin for WordPress is susceptible to a vulnerability that allows unauthenticated users to upload arbitrary files. This stems from inadequate file validation within the REST API endpoint located at /wp-json/instawp-connect/v1/config. All versions of the plugin up to and including 0.1.0.22 are affected, enabling potential threats that could compromise the integrity of the hosting environment.",Wordpress,InstaWP Connect – 1-click WP Staging & Migration,9.8,CRITICAL,0.0004299999854993075,false,,false,false,true,true,false,false,2024-05-02T16:52:52.798Z,0
CVE-2023-3956,https://securityvulnerability.io/vulnerability/CVE-2023-3956,Unauthorized Data Access Vulnerability in InstaWP Connect Plugin for WordPress,"The InstaWP Connect plugin for WordPress has a significant vulnerability due to a missing capability check in its 'events_receiver' function. This allows unauthenticated attackers to access sensitive data, modify existing information, and execute unauthorized actions such as installing or deactivating plugins, altering customizer settings, and manipulating user accounts—including those with administrative privileges. Such weaknesses pose a serious threat to the security and integrity of WordPress sites using affected versions up to and including 0.0.9.18.",Wordpress,InstaWP Connect – 1-click WP Staging & Migration (beta),9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2023-07-27T07:15:00.000Z,0