Description
WordPress Plugin WP Vault is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Vault version 0.8.6.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://lenonleite.com.br/en/blog/2016/11/30/wp-vault-0-8-6-6-local-file-inclusion/
https://www.exploit-db.com/exploits/40850/
https://packetstormsecurity.com/files/139979/WordPress-WP-Vault-0.8.6.6-Local-File-Inclusion.html
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
Apache Tomcat Other Vulnerability (CVE-2002-1567)
WordPress Plugin CheetahO Image Compression and Optimizer Unspecified Vulnerability (1.4.2.1)
Oracle JRE CVE-2013-2463 Vulnerability (CVE-2013-2463)
WordPress Plugin WP SlackSync Information Disclosure (1.8.5)