WordPress Plugin Vulnerabilities

WP Vault 0.8.6.6 - Unauthenticated Local File Inclusion (LFI)

Description

The wp-vault WordPress plugin was affected by an Unauthenticated Local File Inclusion (LFI) security vulnerability.

Affects Plugins

Plugin icon
wp-vault
No known fix

References

Exploitdb
40850
URL
https://lenonleite.com.br/en/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
Lenon Leite
Submitter website
http://lenonleite.com.br/
Submitter twitter
lenonleite
Verified
Yes
WPVDB ID
99f98dda-14cf-43fb-bc6c-123f78b44ea7

Timeline

Publicly Published
2016-11-30 (about 9 years ago)
Added
2016-12-01 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-07-16
Title
Madara - Core < 2.2.4 - Unauthenticated Arbitrary File Deletion
Published
2023-12-26
Title
Store Locator WordPress < 1.4.15 - Admin+ Arbitrary File Deletion
Published
2025-03-27
Title
JS Help Desk < 2.9.3 - Unauthenticated Arbitrary File Deletion
Published
2024-08-09
Title
Web Directory Free < 1.7.3 - Unauthenticated LFI
Published
2025-04-10
Title
WPJobBoard < 5.11.1 - Authenticated (Subscriber+) Path Traversal