Full Disclosure mailing list archives
VaultPress - Remote Code Execution via Man in The Middle attack
From: Summer of Pwnage <lists () securify nl>
Date: Wed, 1 Mar 2017 07:11:00 +0100
------------------------------------------------------------------------ VaultPress - Remote Code Execution via Man in The Middle attack ------------------------------------------------------------------------ David Vaartjes, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Man in The Middle (MiTM) vulnerability has been identified in the VaultPress plugin of WordPress. This issue allows an attacker to to sniff clear-text communication and to run arbitrary PHP code on the affected WordPress host. ------------------------------------------------------------------------ OVE ID ------------------------------------------------------------------------ OVE-20160728-0002 ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was successfully tested on VaultPress WordPress Plugin version 1.8.4 ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ There is currently no fix available. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://sumofpwn.nl/advisory/2016/vaultpress___remote_code_execution_via_man_in_the_middle_attack.html ------------------------------------------------------------------------ Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- VaultPress - Remote Code Execution via Man in The Middle attack Summer of Pwnage (Feb 28)