InstaWP — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting InstaWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

InstaWP provides a WordPress staging and testing environment, enabling developers to safely preview changes. Historically, the platform has been vulnerable to multiple security issues, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These flaws often stemmed from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the 18 recorded CVEs indicate a consistent pattern of security challenges that have required patches over time. The platform's core functionality of creating temporary WordPress instances inherently presents complex attack surfaces that require rigorous security measures to protect against potential exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39504 | WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability | InstaWP Connect | CWE-862 | 5.4 | Medium | 2026-04-08 |
| CVE-2025-66068 | WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability | InstaWP Connect | CWE-862 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-2636 | InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion | InstaWP Connect – 1-click WP Staging & Migration | CWE-22 | 8.1 | High | 2025-04-11 |
| CVE-2025-31387 | WordPress InstaWP Connect plugin <= 0.1.0.82 - Local File Inclusion vulnerability | InstaWP Connect | CWE-98 | 7.5 | High | 2025-03-31 |
| CVE-2024-13913 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion | InstaWP Connect – 1-click WP Staging & Migration | CWE-352 | 8.8 | High | 2025-03-14 |
| CVE-2024-10936 | String Locator <= 2.6.6 - Unauthenticated PHP Object Injection | String locator | CWE-502 | 8.8 | High | 2025-01-21 |
| CVE-2023-6987 | String Locator <= 2.6.5 - Reflected Cross-Site Scripting | String locator | CWE-79 | 6.1 | Medium | 2024-08-24 |
| CVE-2024-6397 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin | InstaWP Connect – 1-click WP Staging & Migration | CWE-288 | 9.8 | Critical | 2024-07-11 |
| CVE-2024-37228 | WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability | InstaWP Connect | CWE-434 | 10.0 | Critical | 2024-06-24 |
| CVE-2024-4898 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation | InstaWP Connect – 1-click WP Staging & Migration | CWE-862 | 9.8 | Critical | 2024-06-12 |
| CVE-2024-32701 | WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability | InstaWP Connect | CWE-862 | 4.3 | Medium | 2024-06-09 |
| CVE-2024-22145 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability | InstaWP Connect | CWE-266 | 8.8 | High | 2024-05-17 |
| CVE-2024-2667 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload | InstaWP Connect – 1-click WP Staging & Migration | CWE-434 | 9.8 | Critical | 2024-05-02 |
| CVE-2024-25918 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution vulnerability | InstaWP Connect | CWE-94 | 9.9 | Critical | 2024-04-03 |
| CVE-2024-23507 | WordPress InstaWP Connect plugin <= 0.1.0.9 - SQL Injection vulnerability | InstaWP Connect | CWE-89 | 8.5 | High | 2024-01-31 |
| CVE-2024-23506 | WordPress InstaWP Connect plugin <= 0.1.0.9 - Sensitive Data Exposure vulnerability | InstaWP Connect | CWE-201 | 7.7 | High | 2024-01-26 |
| CVE-2023-3956 | InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactivation via events_receiver | InstaWP Connect – 1-click WP Staging & Migration | CWE-862 | 9.8 | Critical | 2023-07-27 |
| CVE-2022-2434 | String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization | String locator | CWE-502 | 8.8 | High | 2022-09-06 |

This page lists every published CVE security advisory associated with InstaWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.