The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery.
History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-11T03:33:19.573Z

Updated: 2024-08-01T21:41:03.350Z

Reserved: 2024-06-27T19:57:23.466Z

Link: CVE-2024-6397

Vulnrichment

Updated: 2024-08-01T21:41:03.350Z

NVD

Status: Analyzed

Published: 2024-07-11T04:15:05.997

Modified: 2024-07-12T17:02:56.110

Link: CVE-2024-6397

Redhat

No data.