EUVD-2014-1272

Malware in sbrugna...

EUVD-2017-11093

Malware in sbrugna...

CVE-2017-20086

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely...

CVE-2014-125104

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

CVE-2014-125104

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

Out-of-bounds

A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protectaioseoajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. Th...

CVE-2014-125104

CVE-2014-125104 concerns VaultPress Plugin up to 1.6.0 on WordPress. The vulnerability affects the function protect_aioseo_ajax in the file class.vaultpress-hotfixes.php within the MailPoet Plugin, enabling unrestricted upload. The issue is exploitable remotely. A fix exists: upgrade to VaultPres...

PT-2023-10172 · Unknown · Vaultpress Plugin +1

Name of the Vulnerable Software and Affected Versions: VaultPress Plugin versions up to 1.6.0 Description: A critical issue has been found in the VaultPress Plugin, affecting the protect aioseo ajax function of the class.vaultpress-hotfixes.php file in the MailPoet Plugin component. This issue...

WordPress plugin VaultPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin VaultPress...

CVE-2017-20086

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely...

CVE-2017-20086

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely...

Code injection

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely...

CVE-2017-20086 VaultPress Plugin code injection

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely...

CVE-2017-20086 VaultPress Plugin code injection

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely...

CVE-2017-20086

CVE-2017-20086 affects VaultPress Plugin 1.8.4 (WordPress ecosystem). The connected documents consistently describe a code-injection vulnerability in an unspecified part of the plugin that enables remote exploitation. The exact root cause, affected component/version details, and a published fix a...

WordPress Plugin VaultPress 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress VaultPress plugin <=1.9 - Unauthenticated RCE vulnerability

Unauthenticated Remote Code Execution RCE vulnerability found by Slavco in WordPress VaultPress plugin version 1.89-1.9. Solution Update the VaultPress plugin to the latest available version at least 1.9.1...

VaultPress 1.89-1.9 - Unauthenticated RCE

The builtin WAF must be disabled or bypassed for successful exploitation. v1.89 - Improper usage of opensslverify - signature compare - timing attack unsafe v1.9 - signature compare - timing attack unsafe...

Automattic: Unauthenticated RCE in Vaultpress

Hitting wordpress instalattion with vaultpress on it with get parameter vaultpress=true attacker is one method away from RCE and that method is validateapisignature. In this method we have the following constraints: 1. Firewall 2. Usage recomended of openssl to validate API call In case of disabl...

WordPress VaultPress 1.8.4 Remote Code Execution / Man-In-The-Middle Vulnerabilities

Exploit for php platform in category web applications ------------------------------------------------------------------------ VaultPress - Remote Code Execution via Man in The Middle attack ------------------------------------------------------------------------ David Vaartjes, July 2016...