Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 12/06/2024 Updated: 13/06/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated malicious users to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts.

CVE-2024-4898-Poc CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 01038 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation wwwwordfencecom/threat-intel/vulnerabilities/wordpress-plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01038-missing-authorizati

CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

CVE-2024-4898-Poc CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 01038 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation wwwwordfencecom/threat-intel/vulnerabilities/wordpress-plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01038-missing-authorizati

https://www.wordfence.com/threat-intel/vulnerabilities/id/92a00fb4-7b50-43fd-ac04-5d6e29336e9c?source=cve https://plugins.trac.wordpress.org/browser/instawp-connect/tags/0.1.0.38/includes/class-instawp-rest-api.php#L926 https://nvd.nist.gov https://github.com/cve-2024/CVE-2024-4898-Poc https://github.com/truonghuuphuc/CVE-2024-4898-Poc

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-4898

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect