Nader Abdi

**Name of the Vulnerable Software and Affected Versions** InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress versions up to, and including, 0.1.0.22 **Description** The issue is related to arbitrary file uploads due to insufficient file validation in the "/wp-json/instawp-connect/v1/config" REST API endpoint. This allows unauthenticated attackers to upload arbitrary files. **Recommendations** For versions up to, and including, 0.1.0.22, consider disabling access to the "/wp-json/instawp-connect/v1/config" API endpoint until a patch is available. Restrict file uploads to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.