Vulnerabilities > Instawp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-24 | CVE-2023-6987 | Cross-site Scripting vulnerability in Instawp String Locator The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-07-11 | CVE-2024-6397 | Improper Authentication vulnerability in Instawp Connect The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. | 9.8 |
| 2024-06-12 | CVE-2024-4898 | Missing Authorization vulnerability in Instawp Connect The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. | 9.8 |
| 2024-06-09 | CVE-2024-32701 | Missing Authorization vulnerability in Instawp Connect Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24. | 8.8 |
| 2024-01-31 | CVE-2024-23507 | SQL Injection vulnerability in Instawp Connect Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 8.8 |
| 2024-01-27 | CVE-2024-23506 | Unspecified vulnerability in Instawp Connect Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 6.5 |
| 2023-07-27 | CVE-2023-3956 | Unspecified vulnerability in Instawp Connect The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. | 9.8 |
| 2022-09-06 | CVE-2022-2434 | Deserialization of Untrusted Data vulnerability in Instawp String Locator The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. | 8.8 |