Description
WordPress Plugin WP Vault is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Vault version 0.8.6.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/
https://www.exploit-db.com/exploits/40850/
https://packetstormsecurity.com/files/139979/WordPress-WP-Vault-0.8.6.6-Local-File-Inclusion.html
Related Vulnerabilities
MySQL CVE-2019-2739 Vulnerability (CVE-2019-2739)
WordPress Plugin Chief Editor Multiple Vulnerabilities (3.7.1)
MySQL CVE-2023-22066 Vulnerability (CVE-2023-22066)
WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (3.3.4)
WordPress Plugin Quotes Collection Cross-Site Request Forgery (1.5.5.1)