Description
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin InstaWP Connect-1-click WP Staging & Migration version 0.1.0.22 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.1.0.23 or latest
References
Related Vulnerabilities
IBM WebSEAL Session Fixation Vulnerability (CVE-2019-4152)
PHP Other Vulnerability (CVE-2007-4889)
WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.6.11)
WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (3.9.2)