VaultPress 1.89-1.9 - Unauthenticated RCE



Description
The built-in WAF must be disabled or bypassed for successful exploitation.

v1.89
- Improper use of openssl_verify
- Signature comparison is not timing-attack safe
v1.9
- Signature comparison is not timing-attack safe

Affects Plugin

Fixed in version 1.9.1

References

URL https://medium.com/websec/unauthenticated-rce-in-vaultpress-the-most-powerful-backups-and-security-for-your-wordpress-site-2ed7f108fbbe
URL https://hackerone.com/reports/236552

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter Slavco
Submitter Website https://medium.com/websec
Submitter Twitter mslavco
Views 4529
Verified No
WPVDB ID 8909

Timeline

Publicly Published 2017-09-16 (about 2 years ago)
Added 2017-09-25 (almost 2 years ago)
Last Updated 2017-09-25 (almost 2 years ago)
