Code Injection Vulnerability Affects InstaWP Connect
CVE-2024-37228

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: InstaWP Connect
Vendor: CVE Published:; 24 June 2024

What is CVE-2024-37228?

A vulnerability exists within InstaWP Connect, a product by InstaWP Team, allowing for improper control of code generation, specifically leading to code injection attacks. This flaw may enable attackers to execute arbitrary code, posing significant risks to systems running affected versions. The vulnerability impacts all versions of InstaWP Connect up to and including 0.1.0.38, necessitating immediate attention and remediation.

Affected Version(s)

InstaWP Connect <= 0.1.0.38

References

https://patchstack.com/database/vulnerability/instawp-con...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2024
Vulnerability Reserved
Jun 4, 2024

Credit

AtaTurk1925 (Patchstack Alliance)

WordPress

What is CVE-2024-37228?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit