CVE-2024-23507

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 31, 2024

Updated: Feb 5, 2024

CWE ID 89

Summary

CVE-2024-23507 is a newly identified SQL Injection vulnerability that affects InstaWP Connect – 1-click WP Staging & Migration software. This issue arises due to improper handling of special elements in SQL commands, allowing attackers to inject malicious code into databases. InstaWP Connect versions from n/a through 0.1.0.9 are susceptible to this vulnerability. Exploitation could potentially lead to unauthorized access, information disclosure, or even system takeover. Users are advised to update their installations to the latest patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Insta WP

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uLnevR
https://www.cve.org/CVERecord?id=CVE-2024-23507
https://nvd.nist.gov/vuln/detail/CVE-2024-23507

Back to Vulnerability Database

CVE-2024-23507

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations