CVE-2024-2667 Scanner
CVE-2024-2667 Scanner - Unauthenticated File Upload vulnerability in InstaWP Connect
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 5 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
The InstaWP Connect plugin for WordPress, used for staging and migration, is designed to streamline website management by providing seamless environment replication and data migration capabilities. Developed for WordPress users, it facilitates the rapid creation and management of WordPress instances, appealing to developers, testers, and site managers seeking efficient workflows. InstaWP Connect is known for its ease of use and integration with major hosting services, making it a popular tool within the WordPress community. The plugin offers functionalities to clone, migrate, and sync sites with minimal hassle. As a versatile tool, it supports various WordPress management tasks, ensuring users can maintain site integrity and functionality during transitions. However, security within this tool is critical due to its broad application and integration within WordPress environments.
The Unauthenticated File Upload vulnerability in InstaWP Connect allows attackers to upload arbitrary files without authentication, due to insufficient file validation. This flaw can be exploited through the /wp-json/instawp-connect/v1/config REST API endpoint, affecting versions up to 0.1.0.22. The vulnerability arises from inadequate input handling, which lets unauthorized users potentially introduce malicious files into the system. Given the plugin's role in staging and migration, this vulnerability presents significant security risks. The potential for file upload without credentials can compromise the integrity of WordPress installations utilizing this plugin. Proper security measures for validating and handling file uploads are crucial to mitigating this vulnerability.
The flaw sits in how the plugin handles POST requests to the REST route /instawp-connect/v1/config (served under /wp-json), where attackers can upload arbitrary files. The request targets the api_key and override_plugin_zip parameters with crafted payloads. The server's response indicates a successful exploit: it returns HTTP status 200, with status messages in JSON format confirming the file upload. Because the plugin fails to adequately verify the authenticity of requests, improper validation at the endpoint lets attackers bypass the typical authentication procedures.
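For site owners reviewing their own logs, the following added example (not part of the scanner or of the plugin) flags POST requests to this route in a web server access log. It assumes the common/combined log format; the function names and sample lines are constructed for illustration, and the `?rest_route=` form is included because WordPress also serves REST routes that way when pretty permalinks are off.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# REST route named on this page, reachable under /wp-json/ or ?rest_route=.
ROUTE = "/instawp-connect/v1/config"

# Common/combined access-log format (assumption; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_route(target: str) -> bool:
    """True if the request target addresses the plugin's config route."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/").lower()
    if path.endswith("/wp-json" + ROUTE):   # also matches subdirectory installs
        return True
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/").lower() == ROUTE for r in routes)

def find_suspect_requests(lines):
    """Return (ip, timestamp, status) for every POST to the config route."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and hits_route(m["target"]):
            findings.append((m["ip"], m["ts"], int(m["status"])))
    return findings

def accepted(findings):
    """Subset answered with HTTP 200, the status the page ties to acceptance."""
    return [f for f in findings if f[2] == 200]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [02/Apr/2024:10:15:01 +0000] "POST /wp-json/instawp-connect/v1/config HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.4 - - [02/Apr/2024:10:16:40 +0000] "POST /index.php?rest_route=%2Finstawp-connect%2Fv1%2Fconfig HTTP/1.1" 403 120 "-" "-"',
    '192.0.2.10 - - [02/Apr/2024:10:17:02 +0000] "GET /wp-json/instawp-connect/v1/config HTTP/1.1" 404 50 "-" "-"',
    '192.0.2.10 - - [02/Apr/2024:10:17:09 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 300 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status in find_suspect_requests(SAMPLE):
        flag = "ACCEPTED" if status == 200 else "rejected"
        print(f"{ts}  {ip}  POST {ROUTE}  {status}  {flag}")
```

A 200 on this route from an address that is not the site's own InstaWP integration is the case to triage first, starting with files recently written under the WordPress plugin directories.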
Exploitation of this vulnerability could lead to several severe consequences, including the execution of malicious code within the WordPress environment. Attackers could compromise site data or functionality, alter site behavior, and potentially use the infected site to launch further attacks. The ability to upload arbitrary files opens various pathways for malicious activities, including defacement, data theft, and use as a distribution point for malware. This vulnerability risks the confidentiality, integrity, and availability of WordPress sites utilizing InstaWP Connect. Users must address this oversight promptly to avoid potential disruptions or data breaches.