The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to the InstaWP API, edit arbitrary site options, and create administrator accounts.
History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-12T11:05:07.625Z

Updated: 2024-08-01T20:55:10.271Z

Reserved: 2024-05-15T07:33:21.328Z

Link: CVE-2024-4898

Vulnrichment

Updated: 2024-08-01T20:55:10.271Z

NVD

Status: Analyzed

Published: 2024-06-12T11:15:50.907

Modified: 2024-07-23T17:50:44.033

Link: CVE-2024-4898

Redhat

No data.