ThreatPress

WordPress Vulnerabilities Database

Back

WordPress VaultPress plugin <=1.9 - Unauthenticated RCE vulnerability

Product
VaultPress
Description
Unauthenticated Remote Code Execution (RCE) vulnerability found by Slavco in WordPress VaultPress plugin (version 1.89-1.9).
Solution
Update the VaultPress plugin to the latest available version (at least 1.9.1).
Classification
Type Arbitrary Code Execution
References
Medium
HackerOne
CVE
Name CVE-N/A
Versions
Affected In <=1.9
Fixed In 1.9.1
Disclosure date
2017-09-25
Credits
Slavco
Submitter
ThreatPress