CVE-2024-2667 [CRITICAL] :

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

AFCEA SIGNAL MEDIA

news

SIGNAL Media delivers award-winning news, analysis and important perspectives to help people understand the complex world of cyber, defense, security, intelligence and related information technology disciplines. With our accurate, unbiased and ethical reporting, we keep stakeholders in-the-know so they may focus on advancing global security.

https://www.afcea.org/signal-media#

Listed: Sun Nov 12 2023