PT-2024-21210 · Unknown · Instawp Connect

Majed Refaea · Published 2024-04-03 · Updated 2025-02-09 · CVE-2024-25918

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: InstaWP Connect versions 0.1.0.8 and earlier

Description: The plugin allows unrestricted upload of files of a dangerous type, which leads to code injection. Remote attackers can upload malicious files, potentially leading to code execution.

Recommendations: For InstaWP Connect versions 0.1.0.8 and earlier, update to a newer version or disable the plugin to prevent exploitation. As a temporary workaround, consider restricting access to the plugin until a patch is available.

Fix

Unrestricted File Upload

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2024-25918

Affected Products: Instawp Connect