- Description
- The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
Trending CVEs on 28/5/25: CVE-2024-13946 / ABB Cylon / Binary Planting CVE-2025-2636 / Wordpress / Local File Inclusion CVE-2025-24118 / MacOS / Race Condition CVE-2025-32756 / Fortinet / Stack Overflow Learn More: https://t.co/hFSIsw2vfh #EarlyWarning #Infosec https://t.co/lYN
@arpsyndicate
28 May 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability in InstaWP Connect Plugin (CVE-2025-2636) 🚩 https://t.co/pBdaTKa5Ph A severe security flaw has been identified in the #InstaWPConnect #WordPress plugin, tracked as CVE-2025-2636. This vulnerability allows unauthenticated attackers to perform Loca
@Huntio
30 Apr 2025
68 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability detected in InstaWP Connect plugin (CVE-2025-2636)! Affects versions < 0.1.0.88, allowing remote code execution. Update to 0.1.0.86+ to secure websites. #InstaWP #Morocco #WebSecurity link: https://t.co/LKZe6m2K5A https://t.co/C0Bwdzht5o
@TweetThreatNews
22 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2636 ⚠️🔴 CRITICAL (9.8) 🏢 instawp - InstaWP Connect – 1-click WP Staging & Migration 🏗️ * 🔗 https://t.co/eZI55vrwQf 🔗 https://t.co/lGmkDvkKmh 🔗 https://t.co/x1RI0FLT1x #CyberCron #VulnAlert #InfoSec https://t.co/4FmpgRMPQc
@cybercronai
12 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 A recent serious vulnerability (CVE-2025-2636) detected in the InstaWP Connect plugin for WordPress could expose thousands of websites to remote attacks. 🧉 https://t.co/MmWLQrwdNW
@MarquisioX
11 Apr 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in InstaWP Connect WordPress plugin (CVE-2025-2636) allows unauthenticated code execution. Protect your digital assets with My Patriot Shield's VPN, backup software, identity data monitoring, and AIG-backed identity theft insurance. * Sign up: https://t.
@MyPatriotShield
11 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
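A critical LFI vulnerability (CVE-2025-2636) that allows remote arbitrary code execution has been confirmed in InstaWP Connect, a popular plugin that simplifies WordPress staging and migration. It is exploitable over the network without authentication. https://t.co/cIRPuwRKkQ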
@yousukezan
11 Apr 2025
751 Impressions
4 Retweets
6 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-2636 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-11 05:15:31 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Dr854Quiwf
@vulns_space
11 Apr 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2636 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the '… https://t.co/3VvMbiDnSO
@CVEnew
11 Apr 2025
302 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2636: CRITICAL] Beware! InstaWP Connect plugin for WordPress is vulnerable to Local File Inclusion up to version 0.1.0.85. Attackers can execute PHP code on the server without authentication. #cybersecurity, #vulnerability https://t.co/agvVmlJZem https://t.co/eDRrqTRlQ7
@CveFindCom
11 Apr 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes