Description
WordPress Plugin WP Vault is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Vault version 0.8.6.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/
https://www.exploit-db.com/exploits/40850/
https://packetstormsecurity.com/files/139979/WordPress-WP-Vault-0.8.6.6-Local-File-Inclusion.html
Related Vulnerabilities
WordPress Plugin ACF Frontend display Arbitrary File Upload (2.0.5)
WordPress Plugin Travelpayouts:All Travel Brands in One Place Cross-Site Request Forgery (1.0.16)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20098)
MediaWiki Improper Input Validation Vulnerability (CVE-2011-1580)