GCVE - cpe:2.3:a:themefic:instantio:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:themefic:instantio:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themefic (`69fae1e1-81cb-5dd5-92a6-9e186c18d282`)
Product	Instantio (`0d01cefa-75c9-5570-8224-977a7e0ccaa5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/themefic-team/instantio`	purl2cpe	2026-06-01 10:11:22.766882

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-39571`	vulnerable	2026-06-08 08:01:16.661397	WordPress Instantio plugin <= 3.3.30 - Sensitive Data Exposure vulnerability MEDIUM (5.3) Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30. Published: 2026-04-08T08:30:20.418Z Updated: 2026-04-29T09:52:02.139Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/instantio/vulnerability/wordpress-instantio-plugin-3-3-30-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-47550`	vulnerable	2026-06-08 07:27:14.548865	WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability MEDIUM (6.6) Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server.This issue affects Instantio: from n/a through <= 3.3.16. Published: 2025-05-07T14:20:20.099Z Updated: 2026-04-28T16:12:44.721Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/instantio/vulnerability/wordpress-instantio-3-3-16-arbitrary-file-upload-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-24581`	vulnerable	2026-06-08 07:12:49.542117	WordPress Instantio plugin <= 3.3.7 - Settings Change vulnerability MEDIUM (6.5) Missing Authorization vulnerability in Themefic Instantio instantio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instantio: from n/a through <= 3.3.7. Published: 2025-04-17T15:48:20.004Z Updated: 2026-05-12T23:56:56.583Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/instantio/vulnerability/wordpress-instantio-plugin-3-3-7-settings-change-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.