Description
WordPress Plugin WP Vault is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Vault version 0.8.6.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/
https://www.exploit-db.com/exploits/40850/
https://packetstormsecurity.com/files/139979/WordPress-WP-Vault-0.8.6.6-Local-File-Inclusion.html
Related Vulnerabilities
GlassFish Observable Discrepancy Vulnerability (CVE-2013-1620)
WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.9)
MySQL CVE-2012-0112 Vulnerability (CVE-2012-0112)
WordPress Plugin WP Customer Reviews Cross-Site Scripting (3.4.2)
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)