InstaWP Connect WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress, affecting all versions through 0.1.0.83. The vulnerability arises from inadequate nonce validation in the '/migrate/templates/main.php' file, allowing unauthenticated attackers to exploit the plugin's functionality. This could lead to the inclusion and execution of arbitrary files on the server, with any PHP code in those files being executed. Such exploitation could bypass access controls, access sensitive information, or enable code execution in scenarios where images or other 'safe' file types can be uploaded and included.

Impact

Exploitation of this vulnerability could result in unauthorized file inclusion, execution of arbitrary PHP code on the server, and potential bypass of access controls.

Reproduction

To reproduce this vulnerability, an attacker can send a crafted request that exploits the missing nonce validation. This can be done by using a tool that allows for CSRF attacks, such as a browser extension or a custom script, to send a request to the vulnerable endpoint '/migrate/templates/main.php' without the required nonce. The request can include a payload that exploits the local file inclusion vulnerability, such as a reference to a file that contains malicious PHP code.

Remediation

Users are advised to update the InstaWP Connect WordPress plugin to version 0.1.0.84 or later, where this vulnerability has been patched.