Description
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify arbitrary options. WordPress Plugin InstaWP Connect-1-click WP Staging & Migration version 0.1.0.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.1.0.9 or latest
References
https://github.com/RandomRobbieBF/CVE-2024-22145
https://plugins.svn.wordpress.org/instawp-connect/trunk/readme.txt
Related Vulnerabilities
ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)
PHP Use After Free Vulnerability (CVE-2016-5773)
Nexus Repository Manager Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11415)
WordPress Plugin ArcadePress 'upload.php' Arbitrary File Upload (0.65)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4)