Описание
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.1.0.23 (исключая)
cpe:2.3:a:instawp:instawp_connect:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 100%
0.90137
Критический
9.8 Critical
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
EPSS
Процентиль: 100%
0.90137
Критический
9.8 Critical
CVSS3
Дефекты
CWE-434