CVE-2024-2667 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-2667
CWE	https://cwe.mitre.org/data/definitions/.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-2667

CWE

https://cwe.mitre.org/data/definitions/.html

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

References

https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3061039%40instawp-connect\u0026new=3061039%40instawp-connect\u0026sfp_email=\u0026sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cve