Code Injection Vulnerability Affects InstaWP Connect
CVE-2024-37228
9.8CRITICAL
Summary
A vulnerability exists within InstaWP Connect, a product by InstaWP Team, allowing for improper control of code generation, specifically leading to code injection attacks. This flaw may enable attackers to execute arbitrary code, posing significant risks to systems running affected versions. The vulnerability impacts all versions of InstaWP Connect up to and including 0.1.0.38, necessitating immediate attention and remediation.
Affected Version(s)
InstaWP Connect <= 0.1.0.38
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
AtaTurk1925 (Patchstack Alliance)