CVE-2017-20086: Full Disclosure: VaultPress - Remote Code Execution via Man in The Middle attack
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
Full Disclosure mailing list archives
From: Summer of Pwnage <lists () securify nl>
Date: Wed, 1 Mar 2017 07:11:00 +0100
------------------------------------------------------------------------
VaultPress - Remote Code Execution via Man in The Middle attack
David Vaartjes, July 2016
Abstract
A Man in The Middle (MiTM) vulnerability has been identified in the VaultPress plugin of WordPress. This issue allows an attacker to sniff clear-text communication and to run arbitrary PHP code on the affected WordPress host.
OVE ID
OVE-20160728-0002
Tested versions
This issue was successfully tested on VaultPress WordPress Plugin version 1.8.4
Fix
There is currently no fix available.
Details
https://sumofpwn.nl/advisory/2016/vaultpress___remote_code_execution_via_man_in_the_middle_attack.html
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.