.png)
5 months ago
42 BOOK THIS SPACE FOR AD
ARTICLE AD
## https://sploitus.com/exploit?id=01DE45E8-EEFF-5C2D-BD7B-31735B767DDB
# CVE-2024-4898-Poc
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01038-missing-authorization-to-unauthenticated-api-setuparbitrary-options-updateadministrative-user-creation
File: wp-content/plugins/instawp-connect/includes/class-instawp-rest-api.php
File: wp-content/plugins/instawp-connect/includes/class-instawp-tools.php
## Poc:
Create user role Administrator
Create api key: https://app.instawp.io/user/api-tokens
https://github.com/truonghuuphuc/CVE-2024-4898-Poc/assets/20487674/01be7c07-1894-4e70-9966-5ba7dce1fd2a
Bengali (Bangladesh) · 
English (United States) ·