Lucene search

Exploit for Missing Authorization in Instawp Instawp Connect

🗓️ 12 Jun 2024 10:14:03Type

CVE-2024-4898 InstaWP Connect Missing Authorization to Unauthenticated API Setup/Arbitrary Options Update/Administrative User Creatio

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation	12 Jun 202411:05	–	cvelist
GithubExploit	Exploit for Missing Authorization in Instawp Instawp Connect	14 Jun 202407:01	–	githubexploit
CVE	CVE-2024-4898	12 Jun 202411:15	–	cve
WPVulnDB	InstaWP Connect – 1-click WP Staging & Migration < 0.1.0.39 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation	11 Jun 202400:00	–	wpvulndb
Vulnrichment	CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation	12 Jun 202411:05	–	vulnrichment
Patchstack	WordPress InstaWP Connect Plugin <= 0.1.0.38 is vulnerable to Broken Access Control	12 Jun 202400:00	–	patchstack
NVD	CVE-2024-4898	12 Jun 202411:15	–	nvd
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)	20 Jun 202413:40	–	wordfence

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jun 2024 10:03Current

9.6High risk

Vulners AI Score9.6

CVSS39.8

EPSS0.4637

SSVC

cve-2024-4898; instawp connect; missing authorization; unauthenticated api; administrative user creation; arbitrary options update; wordpress plugins; user role administrator; api key generation; exploit