Skip to main content

Instawp Connect

5 CVEs product

Monthly

CVE-2026-39504 MEDIUM This Month

InstaWP Connect WordPress plugin through version 0.1.2.5 permits authenticated users to access or modify resources they should not have permission to reach due to missing authorization checks. With CVSS 5.4 (authenticated network access, low complexity), EPSS 0.02%, and no confirmed public exploit code, this represents a moderate privilege escalation risk primarily affecting multi-user WordPress installations where access control segregation is important.

Authentication Bypass Instawp Connect
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-6397 CRITICAL PATCH Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress CSRF Instawp Connect
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-4898 CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.1%.

Authentication Bypass WordPress Instawp Connect
NVD
CVSS 3.1
9.8
EPSS
90.1%
Threat
6.2
CVE-2024-2667 CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

WordPress File Upload Instawp Connect
NVD
CVSS 3.1
9.8
EPSS
90.7%
Threat
6.2
CVE-2023-3956 CRITICAL PATCH Act Now

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Instawp Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM This Month

InstaWP Connect WordPress plugin through version 0.1.2.5 permits authenticated users to access or modify resources they should not have permission to reach due to missing authorization checks. With CVSS 5.4 (authenticated network access, low complexity), EPSS 0.02%, and no confirmed public exploit code, this represents a moderate privilege escalation risk primarily affecting multi-user WordPress installations where access control segregation is important.

Authentication Bypass Instawp Connect
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress CSRF +1
NVD
EPSS 90% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.1%.

Authentication Bypass WordPress Instawp Connect
NVD
EPSS 91% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

WordPress File Upload Instawp Connect
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Instawp Connect
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy