WordPress website owners must take immediate action to address a critical Broken Access Control vulnerability in the InstaWP Connect Plugin. This security flaw poses severe risks to WordPress security, potentially allowing unauthorized access to sensitive areas of the affected website. Ensuring the website is protected from potential exploits is of utmost importance.

The vulnerability was discovered and responsibly reported by Lana Codes, highlighting the significance of proactive security practices in the WordPress ecosystem.


The Broken Access Control vulnerability in the InstaWP Connect Plugin has been rated with critical severity, boasting a CVSS 3.1 score of 9.8. This emphasizes the urgent need to address the issue to prevent potential exploitation.

Affected Versions:

Website owners using any version of the InstaWP Connect Plugin up to and including version are susceptible to this vulnerability. Immediate action is required for these affected versions.


Exploiting this Broken Access Control vulnerability can grant unauthorized access to critical areas of your website. The potential consequences include:

  • Unauthorized modification of website content or settings.
  • Access to sensitive user data.
  • Manipulation of user accounts or roles.
  • Compromise of website security and functionality.


Given the critical severity of this vulnerability and the available fix, website owners must take the following steps immediately:

  1. Update to Latest Version: Update to the latest available version (at least version This version contains the necessary fix to mitigate the Broken Access Control vulnerability.
  2. Regular Security Audits: Conduct regular security audits to identify and address any potential vulnerabilities in WordPress plugins and themes.
  3. Monitor Security Notices: Stay informed about security notices and updates from plugin developers, security researchers, and the WordPress community.

In the realm of WordPress security, proactive measures are indispensable to protect against potential plugin vulnerabilities. By staying vigilant and promptly addressing issues like this Broken Access Control flaw, the website’s security posture enhances user trust.

Remember, WordPress security is a shared responsibility, and taking immediate action to update vulnerable plugins is pivotal in maintaining website integrity and safeguarding user data.