NotCVE - vendor:"Instawp Connect" product:"Instawp Connect" version:" >= 0.0.0.0 <= 0.1.0.38"

8 results (0.012 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-37228 – WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2024-37228

21 Jun 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38. The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make r... • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

CVE-2024-4898 – InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

https://notcve.org/view.php?id=CVE-2024-4898

11 Jun 2024 — The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts. El complemento InstaWP Connect – 1-click WP Staging & Migration para WordPress es vulnerable a actualizaciones de opciones arbitrari... • https://github.com/truonghuuphuc/CVE-2024-4898-Poc • CWE-862: Missing Authorization •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-32701 – WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-32701

22 Apr 2024 — Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24. Vulnerabilidad de autorización faltante en InstaWP Team InstaWP Connect. Este problema afecta a InstaWP Connect: desde n/a hasta 0.1.0.24. The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 0.1.0.24. This makes it possible for authenticated attackers, with subscrib... • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-24-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25918 – WordPress InstaWP Connect plugin <= 0.1.0.8 - Auth. Remote Code Execution (RCE) vulnerability

https://notcve.org/view.php?id=CVE-2024-25918

14 Feb 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en InstaWP Team InstaWP Connect permite la inyección de código. Este problema afecta a InstaWP Connect: desde n/a hasta 0.1.0.8. The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up ... • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-remote-code-execution-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-23506 – WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to Sensitive Data Exposure

https://notcve.org/view.php?id=CVE-2024-23506

24 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. Este problema afecta a InstaWP Connect – 1-click WP Staging & Migration: desde n/a hasta 0.1.0.9. The InstaWP Connect – 1-c... • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-23507 – WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to SQL Injection

https://notcve.org/view.php?id=CVE-2024-23507

24 Jan 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. Este problema afecta a InstaWP Connect – 1-click WP Staging & M... • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-22145 – WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability

https://notcve.org/view.php?id=CVE-2024-22145

17 Jan 2024 — Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8. Vulnerabilidad de gestión de privilegios incorrecta en InstaWP Team InstaWP Connect permite la escalada de privilegios. Este problema afecta a InstaWP Connect: desde n/a hasta 0.1.0.8. The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on... • https://github.com/RandomRobbieBF/CVE-2024-22145 • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-3956 – InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver

https://notcve.org/view.php?id=CVE-2023-3956

26 Jul 2023 — The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user. El plugin InstaWP Connect para WordPress es vulnera... • https://plugins.trac.wordpress.org/browser/instawp-connect/tags/0.0.9.18/includes/class-instawp-rest-apis.php#L103 • CWE-862: Missing Authorization •