ГлавнаяУязвимости → CVE-2024-2667
9.8критическая

CVE-2024-2667

Описание

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

Затрагиваемое ПО
Instawp Instawp connect
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cvehttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cve