WordPress plugin InstaWP Connect 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

PT-2024-21210 · Unknown · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect versions 0.1.0.8 and earlier Description: The issue allows for code injection due to an unrestricted upload of file with dangerous type vulnerability. This enables remote attackers to upload malicious files, potentially leadin...

PT-2024-1300 · Unknown · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect versions 0.1.0.8 and earlier Description: The issue is related to improper privilege management, allowing privilege escalation. It is associated with the save management settings function and inadequate authorization procedure...

WordPress InstaWP Connect Plugin <= 0.1.0.8 is vulnerable to Privilege Escalation

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.8 Fixed in 0.1.0.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-22145 Patch priority High CVSS severity High 8.8 Developer InstaWP PSID f661e38694ec Credits Majed Refae...