WP Vault
- <= 0.8.6.6
A local file inclusion vulnerability has been identified in the WP Vault WordPress plugin, specifically in version 0.8.6.6. The plugin passes the wpv-image GET parameter to its include functionality without escaping it, so unauthenticated attackers can use directory traversal sequences in that parameter to read arbitrary files, including sensitive ones such as system configuration and credentials.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, including system configuration and credential information.
To reproduce this vulnerability, send a request to the target server with the wpv-image parameter. Include directory traversal sequences to navigate the file system and access sensitive files, such as /etc/passwd.
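To check whether a site has already received such requests, the following added example (not part of the original advisory or the plugin's code) scans web server access logs for wpv-image values that contain traversal sequences or absolute paths. It assumes Combined Log Format; the request path `/` and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format (assumed): capture client address, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3})')
PARAM = "wpv-image"  # parameter named in the advisory

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a value with a leftover encoding layer is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value climbs out of its directory or names an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        return True
    return ".." in v.split("/")  # whole path segment only, so "photo..jpg" passes

def scan(lines):
    """Return (client, decoded value, status) for each suspicious wpv-image request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((client, fully_decode(value), status))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?wpv-image=photo.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /?wpv-image=../../../../etc/passwd HTTP/1.1" 200 1874',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /?wpv-image=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /?s=../notes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit logged with status 200 deserves priority in triage, since the server answered the request instead of rejecting it.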