Vulnerabilities > Instawp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-21 | CVE-2024-10936 | Deserialization of Untrusted Data vulnerability in Instawp String Locator The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | 8.8 |
| 2024-08-24 | CVE-2023-6987 | Cross-site Scripting vulnerability in Instawp String Locator The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-06-24 | CVE-2024-37228 | Unspecified vulnerability in Instawp Connect Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38. | 9.8 |
| 2024-06-09 | CVE-2024-32701 | Unspecified vulnerability in Instawp Connect Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24. | 8.8 |
| 2024-05-17 | CVE-2024-22145 | Improper Privilege Management vulnerability in Instawp Connect Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8. | 8.8 |
| 2024-04-03 | CVE-2024-25918 | Unspecified vulnerability in Instawp Connect Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. | 8.8 |
| 2024-01-31 | CVE-2024-23507 | Unspecified vulnerability in Instawp Connect Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 8.8 |
| 2024-01-27 | CVE-2024-23506 | Unspecified vulnerability in Instawp Connect Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 6.5 |
| 2022-09-06 | CVE-2022-2434 | Deserialization of Untrusted Data vulnerability in Instawp String Locator The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. | 8.8 |