WordPress Plugin Vulnerabilities

VaultPress 1.89-1.9 - Unauthenticated RCE

Description

The builtin WAF must be disabled or bypassed for successful exploitation.

v1.89
- Improper usage of openssl_verify
- signature compare - timing attack unsafe
v1.9
- signature compare - timing attack unsafe

Affects Plugins

Plugin icon
vaultpress
Fixed in 1.9.1

References

URL
https://medium.com/websec/unauthenticated-rce-in-vaultpress-the-most-powerful-backups-and-security-for-your-wordpress-site-2ed7f108fbbe
URL
https://hackerone.com/reports/236552

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Submitter
Slavco
Submitter website
https://medium.com/websec
Submitter twitter
mslavco
Verified
No
WPVDB ID
a43d85e6-1718-4c69-97c7-55e81568a3af

Timeline

Publicly Published
2017-09-16 (about 6 years ago)
Added
2017-09-25 (about 6 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2022-03-08
Title
Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload
Published
2022-02-08
Title
PHP Everywhere < 3.0.0 - Contributor+ RCE via Metabox
Published
2015-03-18
Title
Ajax Search Lite < 3.11 - Authenticated RCE
Published
2014-08-01
Title
WP-Syntax < 0.9.10 - Remote Comm& Execution
Published
2023-09-15
Title
Allow PHP in Posts and Pages < 3.0.4 - Authenticated Remote Code Execution (RCE)