WordPress Plugin Vulnerabilities

VaultPress <= 1.8.6 - Backend Server SSL Verification Disabled

Description

The VaultPress WordPress plugin was affected by a Backend Server SSL Verification Disabled security vulnerability.

Affects Plugins

Plugin icon
vaultpress
Fixed in 1.8.7

References

URL
https://sumofpwn.nl/advisory/2016/vaultpress___remote_code_execution_via_man_in_the_middle_attack.html
URL
https://seclists.org/fulldisclosure/2017/Feb/95
URL
https://plugins.trac.wordpress.org/changeset/1607404/vaultpress

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
903b2844-8bd4-4245-a2a6-5294b047f822

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-02 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
Easy Contact Forms Export 1.1.0 - Information Disclosure
Published
2014-08-01
Title
Site5 Wordpress Themes Email Spoofing
Published
2026-01-22
Title
LazyTasks < 1.3.01 - Unauthenticated Privilege Escalation
Published
2025-10-28
Title
User Toolkit < 1.2.4 - Unauthenticated Privilege Escalation
Published
2014-08-01
Title
NS Utilities 1.0 - Unspecified Remote Issue