VaultPress 1.89-1.9 - Unauthenticated RCE

Sign up to our free email alerts service for instant vulnerability notifications!

Description
The builtin WAF must be disabled or bypassed for successful exploitation.

v1.89 
- Improper usage of openssl_verify 
- signature compare - timing attack unsafe 
v1.9 
- signature compare - timing attack unsafe 

Affects Plugin

fixed in version 1.9.1

References

URL https://medium.com/websec/unauthenticated-rce-in-vaultpress-the-most-powerful-backups-and-security-for-your-wordpress-site-2ed7f108fbbe
URL https://hackerone.com/reports/236552

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter Slavco
Submitter Website https://medium.com/websec
Submitter Twitter mslavco
Views 36
Verified No
WPVDB ID 8909

Timeline

Publicly Published 2017-09-16 (about 1 month ago)
Added 2017-09-25 (29 days ago)
Last Updated 2017-09-25 (29 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.