CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01038-missing-authorization-to-unauthenticated-api-setuparbitrary-options-updateadministrative-user-creation
File: wp-content/plugins/instawp-connect/includes/class-instawp-rest-api.php
File: wp-content/plugins/instawp-connect/includes/class-instawp-tools.php
Create user role Administrator
Create api key: https://app.instawp.io/user/api-tokens
