CVE-2024-2667

CRITICAL · EXPLOITED · NUCLEI

InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload

Title source: nuclei

Exploitation Summary

CVE-2024-2667 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Puvipavan, Boshe99, Nxploited. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in InstaWP Connect plugin versions up to 0.1.0.22. It allows an attacker to upload a malicious WordPress plugin via a REST API endpoint, leading to remote code execution.

Description

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

Exploits (3)

nomisec · WORKING POC · 2 stars
by Puvipavan · remote
https://github.com/Puvipavan/CVE-2024-2667

This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in InstaWP Connect plugin versions up to 0.1.0.22. It allows an attacker to upload a malicious WordPress plugin via a REST API endpoint, leading to remote code execution.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22
Authentication: No auth needed
Prerequisites: Access to the target WordPress site · A malicious WordPress plugin zip file hosted on an attacker-controlled server
Analyzed by devstral-2 on Feb 16, 2026
github · WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-2667-Poc

The repository contains functional exploit code for CVE-2024-2667, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
Authentication: No auth needed
Prerequisites: target URL · malicious file to upload
Analyzed by devstral-2 on Feb 27, 2026
nomisec · WORKING POC
by Nxploited · remote
https://github.com/Nxploited/CVE-2024-2667-Poc

This PoC exploits CVE-2024-2667, an arbitrary file upload vulnerability in the InstaWP Connect WordPress plugin (versions <= 0.1.0.22). It checks the target's plugin version and attempts to upload a malicious plugin via the REST API endpoint.

Classification: Working PoC (90%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: InstaWP Connect WordPress plugin <= 0.1.0.22
Authentication: No auth needed
Prerequisites: Target WordPress site with vulnerable InstaWP Connect plugin · Attacker-controlled plugin ZIP file
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
CRITICAL · VERIFIED · by DhiyaneshDK
FOFA: body="/wp-content/plugins/instawp-connect/"

Scores

CVSS v3: 9.8
EPSS: 0.0575
EPSS percentile: 92.1%
Attack vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical impact: partial

Details

VulnCheck KEV: 2024-04-12
CWE: CWE-434
Status: published
Products (2):
instawp/InstaWP Connect – 1-click WP Staging & Migration < 0.1.0.22
instawp/instawp_connect < 0.1.0.23
Published: May 02, 2024
Tracked since: Feb 18, 2026