Summary: Moroccan authorities have issued a warning about a critical vulnerability (CVE-2025-2636) in the InstaWP Connect WordPress plugin, affecting versions prior to 0.1.0.88. The vulnerability allows unauthorized attackers to execute malicious PHP code, potentially compromising entire websites. Website administrators are urged to update to a patched version to prevent exploitation and strengthen security.
Affected: InstaWP Connect WordPress Plugin
Keypoints :
- Vulnerability CVE-2025-2636 allows remote code execution on affected websites.
- Older versions of the plugin (<= 0.1.0.85) are particularly at risk.
- Website administrators should update to version 0.1.0.86 or later to mitigate risks.
- This vulnerability has a high severity rating with a CVSS score of 8.1.
- Regular security updates are essential to prevent future vulnerabilities.
Source: https://thecyberexpress.com/vulnerability-in-instawp-connect-plugin/