CVE-2024-2667

9.8 CRITICAL

📋 TL;DR

The InstaWP Connect WordPress plugin has an unauthenticated arbitrary file upload vulnerability in its REST API endpoint. This allows attackers to upload malicious files to vulnerable WordPress sites. All WordPress sites using this plugin up to version 0.1.0.22 are affected.

💻 Affected Systems

Products:
  • InstaWP Connect – 1-click WP Staging & Migration
Versions: All versions up to and including 0.1.0.22
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with the vulnerable plugin enabled. No authentication required.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise via remote code execution, website defacement, data theft, or ransomware deployment.

🟠 Likely Case: Website defacement, backdoor installation, credential theft, or malware distribution.

🟢 If Mitigated: Limited impact with proper file system permissions and web application firewalls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests to the vulnerable endpoint can exploit this. Public exploit code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.0.23 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'InstaWP Connect' and click 'Update Now'.
4. Verify the version is 0.1.0.23 or higher.

🔧 Temporary Workarounds

Disable vulnerable REST endpoint (all platforms)

Block access to the vulnerable API endpoint via web server configuration or firewall. Note that WordPress also serves REST routes through the ?rest_route= query parameter (for example /index.php?rest_route=/instawp-connect/v1/config), so a rule that matches only the /wp-json/ path leaves that form reachable; block it as well, or prefer deactivating the plugin.

# Apache: add to .htaccess above the WordPress rewrite block
RewriteEngine On
RewriteRule ^wp-json/instawp-connect/v1/config - [F,L]
# Nginx: add to the server block
location ~* ^/wp-json/instawp-connect/v1/config { deny all; }

Disable plugin (linux, WP-CLI)

Temporarily disable the InstaWP Connect plugin until patched.

wp plugin deactivate instawp-connect

🧯 If You Can't Patch

  • Disable the InstaWP Connect plugin immediately.
  • Implement strict file upload restrictions and monitor for suspicious file uploads.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → InstaWP Connect version. If version ≤ 0.1.0.22, you are vulnerable.

Check Version:

wp plugin get instawp-connect --field=version

Verify Fix Applied:

After updating, confirm plugin version is 0.1.0.23 or higher in WordPress admin.
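The version check above is easy to get wrong in scripts: a plain string comparison ranks "0.1.0.9" above "0.1.0.23". The following is an added example, not code from the advisory or from the InstaWP project, that compares a version string numerically against the first fixed release 0.1.0.23. The version string is assumed to come from `wp plugin get instawp-connect --field=version` or from the `Version:` line of the plugin's main PHP file header; the header text in the example is constructed.

```python
"""Added example (not part of the advisory): decide whether an installed
InstaWP Connect version is inside the affected range for CVE-2024-2667.

The version string would normally come from
    wp plugin get instawp-connect --field=version
but here it is passed in as a plain string so the check runs offline.
"""
import re
from typing import Tuple

FIXED_VERSION = "0.1.0.23"   # first patched release named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.1.0.22' into (0, 1, 0, 22). A trailing tag such as
    '-beta' is dropped; non-numeric input raises ValueError."""
    core = version.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in core.split("."))


def version_lt(a: str, b: str) -> bool:
    """Numeric, component-wise comparison with zero padding, so that
    '0.1.0' < '0.1.0.1' and '0.1.0.9' < '0.1.0.23' (a string comparison
    would get the second one wrong)."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is below the first fixed version,
    i.e. 0.1.0.22 and every earlier release."""
    return version_lt(installed, fixed)


def plugin_header_version(main_file_contents: str) -> str:
    """Extract the 'Version:' field from a WordPress plugin header comment,
    the same field wp-cli reports."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", main_file_contents, re.M)
    if not m:
        raise ValueError("no Version: header found")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample header; the real one is in the plugin's main PHP file.
    sample_header = """<?php
/**
 * Plugin Name: InstaWP Connect
 * Version: 0.1.0.22
 */
"""
    v = plugin_header_version(sample_header)
    print(f"installed {v}: {'VULNERABLE' if is_vulnerable(v) else 'patched'}")
```

Feed `is_vulnerable()` the string printed by `wp plugin get instawp-connect --field=version` on each site you manage; anything it reports as vulnerable needs the 0.1.0.23 update or one of the workarounds above.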

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /wp-json/instawp-connect/v1/config (with or without a trailing slash), or to /index.php?rest_route=/instawp-connect/v1/config
  • New files with server-side code extensions (for example .php or .phtml) appearing under wp-content/uploads or in other directories that should only hold static content

Network Indicators:

  • Unusual traffic to the vulnerable REST endpoint from unauthenticated sources

SIEM Query:

source="web_server" AND (uri="/wp-json/instawp-connect/v1/config" OR uri="/wp-json/instawp-connect/v1/config/") AND method="POST"
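Where no SIEM is in place, the same indicators can be checked directly against access logs and the uploads directory. The script below is an added example, not part of the advisory, that parses combined-format access log lines (the lines embedded in it are constructed samples), flags POSTs that reach the vulnerable route by either the /wp-json/ path or the ?rest_route= query form, and lists uploaded files whose extension indicates server-side code. The route path is taken from the advisory; the uploads path in the final comment is a placeholder.

```python
"""Added example (not part of the advisory): scan web-server access logs for
POSTs to the vulnerable InstaWP Connect REST route, and flag files under
wp-content/uploads with extensions that should never appear there.

SAMPLE_LOG holds constructed Apache/Nginx combined-format lines.
"""
import re
from pathlib import Path
from typing import Dict, List
from urllib.parse import parse_qs, unquote, urlsplit

VULN_ROUTE = "/instawp-connect/v1/config"

# Combined log format: host ident user [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Extensions that indicate server-side code rather than media.
SUSPICIOUS_EXT = {".php", ".php5", ".phtml", ".phar"}

SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:10:01:02 +0000] "POST /wp-json/instawp-connect/v1/config HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Apr/2024:10:01:05 +0000] "POST /wp-json/instawp-connect/v1/config/ HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [10/Apr/2024:10:02:10 +0000] "POST /index.php?rest_route=%2Finstawp-connect%2Fv1%2Fconfig HTTP/1.1" 200 480 "-" "curl/8.4"
192.0.2.9 - - [10/Apr/2024:10:03:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2024:10:03:30 +0000] "GET /wp-json/instawp-connect/v1/config HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""


def targets_vuln_route(target: str) -> bool:
    """True when the request target reaches the vulnerable route, either by
    the pretty-permalink path or by WordPress's ?rest_route= query form
    (parse_qs URL-decodes the %2F-encoded value)."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    if path.endswith("/wp-json" + VULN_ROUTE):
        return True
    for route in parse_qs(parts.query).get("rest_route", []):
        if route.rstrip("/") == VULN_ROUTE:
            return True
    return False


def find_exploit_attempts(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed fields of every POST that reaches the vulnerable route.
    GETs are ignored: the upload issue is triggered by POST, per the advisory."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if m.group("method") == "POST" and targets_vuln_route(m.group("target")):
            hits.append(m.groupdict())
    return hits


def is_suspicious_upload(relative_name: str) -> bool:
    """Flag a file name whose extension chain contains server-side code, so
    'shell.php' and 'image.php.jpg' are both caught while 'photo.jpg' is not."""
    return any(s.lower() in SUSPICIOUS_EXT for s in Path(relative_name).suffixes)


def suspicious_uploads(uploads_dir: Path) -> List[Path]:
    """Walk a real uploads directory and return the files that look like code."""
    return sorted(
        p for p in uploads_dir.rglob("*")
        if p.is_file() and is_suspicious_upload(p.name)
    )


if __name__ == "__main__":
    for hit in find_exploit_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} POST {hit['target']} -> {hit['status']}")
    # On a live host (placeholder path): suspicious_uploads(Path("/var/www/html/wp-content/uploads"))
```

Run `find_exploit_attempts()` over the log retention window that covers the period before the plugin was updated; a 200 response to one of these POSTs is the cue to run `suspicious_uploads()` and review anything it returns.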
