WordPress Plugin Vulnerabilities
VaultPress 1.89-1.9 - Unauthenticated RCE
Description
The built-in WAF must be disabled or bypassed for successful exploitation.
v1.89
- Improper usage of openssl_verify
- Signature comparison is not timing-attack safe
v1.9
- Signature comparison is not timing-attack safe
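
The two bug classes listed above, shown in PHP beside their hardened forms as an added example. This is not VaultPress code: the page does not say how the plugin misused openssl_verify, so the loose return-value check is an assumed, common form of that mistake, and all function names, keys and messages are constructed.

```php
<?php
// Added illustration, not VaultPress code. All names and values are constructed.

// openssl_verify() returns 1 (valid), 0 (invalid), or -1/false (error).
// Loose check: any truthy value passes, so the error value -1 is accepted.
function accept_loose($rc): bool { return (bool) $rc; }

// Strict check: only the exact integer 1 counts as a valid signature.
function accept_strict($rc): bool { return $rc === 1; }

// Public-key signature verification using the strict check.
function verify_signed(string $msg, string $sig, $pubkey): bool {
    return accept_strict(openssl_verify($msg, $sig, $pubkey, OPENSSL_ALGO_SHA256));
}

// Shared-secret signature: compare with hash_equals(), which does not
// stop at the first differing byte the way == or strcmp() can.
function verify_hmac(string $msg, string $given, string $secret): bool {
    $expected = hash_hmac('sha256', $msg, $secret);
    return hash_equals($expected, $given);   // known value first, user value second
}

// --- demo on constructed data ---
// How each check treats the documented return values of openssl_verify().
foreach ([1, 0, -1, false] as $rc) {
    printf("rc=%-5s loose=%-5s strict=%s\n",
        var_export($rc, true),
        var_export(accept_loose($rc), true),
        var_export(accept_strict($rc), true));
}

// Round trip with a throwaway RSA key generated for this demo only.
$key = openssl_pkey_new(['private_key_bits' => 2048,
                         'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];   // PEM-encoded public key
$msg = 'action=ping&nonce=constructed-123';
openssl_sign($msg, $sig, $key, OPENSSL_ALGO_SHA256);

var_dump(verify_signed($msg, $sig, $pub));         // genuine signature
var_dump(verify_signed($msg . 'x', $sig, $pub));   // tampered message

$secret = 'constructed-shared-secret';
$tag = hash_hmac('sha256', $msg, $secret);
var_dump(verify_hmac($msg, $tag, $secret));                  // matching tag
var_dump(verify_hmac($msg, str_repeat('0', 64), $secret));   // wrong tag
```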
Affects Plugins
References
Classification
Type
RCE
OWASP top 10
CWE
Miscellaneous
Submitter
Slavco
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2017-09-16 (about 6 years ago)
Added
2017-09-25 (about 6 years ago)
Last Updated
2019-11-01 (about 4 years ago)