Description
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Xhanch-My Twitter Multiple Cross-Site Request Forgery Vulnerabilities (2.7.7)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.23)
Internet Information Services Other Vulnerability (CVE-2000-0631)
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)