Description
WordPress Plugin WP Vault is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Vault version 0.8.6.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/
https://www.exploit-db.com/exploits/40850/
https://packetstormsecurity.com/files/139979/WordPress-WP-Vault-0.8.6.6-Local-File-Inclusion.html
Related Vulnerabilities
Squid Improper Input Validation Vulnerability (CVE-2016-2390)
WordPress Plugin Compact WP Audio Player Multiple Vulnerabilities (1.9.6)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-6816)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2005-2946)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37147)