CVE-2024-25918 WordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution vulnerability

🗓️ 03 Apr 2024 12:11:07Reported by PatchstackType

WordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution & File Upload vulnerabilitie

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-25918	14 Feb 202509:46	–	circl
CNNVD	WordPress Plugin InstaWP Connect 代码问题漏洞	3 Apr 202400:00	–	cnnvd
CVE	CVE-2024-25918	3 Apr 202412:11	–	cve
EUVD	EUVD-2024-23220	3 Oct 202520:07	–	euvd
NVD	CVE-2024-25918	3 Apr 202412:15	–	nvd
OSV	CVE-2024-25918	3 Apr 202412:15	–	osv
Patchstack	WordPress InstaWP Connect Plugin <= 0.1.0.8 is vulnerable to Remote Code Execution (RCE)	14 Feb 202400:00	–	patchstack
Positive Technologies	PT-2024-21210 · Unknown · Instawp Connect	3 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-25918	5 Feb 202513:05	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2024-25918	14 Feb 202400:00	–	vulncheck_kev

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "instawp-connect",
    "product": "InstaWP Connect",
    "vendor": "InstaWP",
    "versions": [
      {
        "changes": [
          {
            "at": "0.1.0.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.1.0.8",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-8-remote-code-execution-vulnerability

28 Apr 2026 16:09Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.9

EPSS0.00756

CWE-94