CVE-2024-2667 — AI Deep Analysis Summary

🚨 **Essence**: Arbitrary File Upload via REST API. <br>💥 **Consequences**: Attackers can upload malicious plugins (backdoors), leading to full server compromise, data theft, and site defacement.

🛡️ **Root Cause**: Insufficient file validation in the `/wp-json/instawp-connect/v1/config` endpoint. <br>🔍 **CWE**: CWE-434 (Unrestricted Upload of File with Dangerous Type).

📦 **Affected**: WordPress Plugin **InstaWP Connect**. <br>📉 **Versions**: **0.1.0.22** and earlier. <br>🏢 **Vendor**: InstaWP.

🕵️ **Attacker Actions**: Upload arbitrary ZIP files containing PHP backdoors. <br>🔓 **Privileges**: Unauthenticated access. <br>📊 **Impact**: High (C). High (I). High (A).

⚡ **Threshold**: **LOW**. <br>🔑 **Auth**: **None required** (Unauthenticated). <br>🌐 **Access**: Direct HTTP POST to REST API endpoint.

🔓 **Exploitation**: **YES**. <br>📜 **PoCs**: Available on GitHub (e.g., Puvipavan, Nxploited) and Nuclei templates. <br>🚀 **Ease**: Simple CURL command execution.

🔍 **Self-Check**: Scan for the endpoint `/wp-json/instawp-connect/v1/config`. <br>🛠️ **Tools**: Use Nuclei templates or manual CURL tests with dummy API keys. <br>👀 **Visual**: Check installed plugins list in WP admin.

🩹 **Fix**: Update plugin to version **> 0.1.0.22**. <br>📢 **Source**: WordPress Trac changeset confirms fix release. <br>✅ **Status**: Patched in newer versions.

🚧 **No Patch?**: Disable the plugin immediately. <br>🚫 **Block**: Firewall rules to block access to `/instawp-connect/v1/config`. <br>🔒 **Monitor**: Watch for suspicious PHP files in `/wp-content/plugins/`.

🔥 **Urgency**: **CRITICAL**. <br>⚠️ **Reason**: Unauthenticated, easy exploit, full RCE potential. <br>🏃 **Action**: Patch or disable **IMMEDIATELY**.