📄 Description (English)
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.
🤖 AI Executive Summary
WP Vault 0.8.6.6 contains a critical local file inclusion (LFI) vulnerability allowing unauthenticated attackers to read arbitrary files through directory traversal in the wpv-image parameter. This vulnerability poses significant risk to WordPress installations in Saudi Arabia, particularly those handling sensitive government and financial data. With no available patch, immediate mitigation through web application firewalls and access controls is essential.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 16:47
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using WP Vault plugin for document management and content protection. High-risk sectors include: Government agencies (NCA, CITC) storing classified documents; Banking sector (SAMA-regulated institutions) managing financial records and customer data; Healthcare providers (MOH) handling patient information; Energy sector (ARAMCO, SEC) protecting technical specifications; Telecommunications (STC, Mobily) managing customer databases. The LFI vulnerability enables attackers to access wp-config.php containing database credentials, potentially leading to complete system compromise and data exfiltration.
🏢 Affected Saudi Sectors
Government
Banking
Healthcare
Energy
Telecommunications
Education
Media and Publishing
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Disable or remove WP Vault plugin immediately if not actively required
2. Implement Web Application Firewall (WAF) rules to block requests containing '../' or '..\' in wpv-image parameter
3. Restrict access to WordPress admin and plugin directories using IP whitelisting
4. Review access logs for suspicious wpv-image parameter usage patterns
COMPENSATING CONTROLS:
5. Implement .htaccess rules: <FilesMatch "wpv-image"> Deny from all </FilesMatch>
6. Apply input validation: reject any GET parameters containing directory traversal sequences
7. Move wp-config.php outside web root if possible
8. Implement file integrity monitoring on sensitive configuration files
9. Enable WordPress security headers (X-Frame-Options, X-Content-Type-Options)
10. Conduct immediate security audit of all files accessed through wpv-image parameter
DETECTION RULES:
- Monitor for GET requests with wpv-image parameter containing: ../, ..\ , %2e%2e, encoded variants
- Alert on access attempts to wp-config.php, .env, /etc/passwd patterns
- Track failed authentication attempts following LFI attempts
- Monitor database connection attempts from web server process
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تعطيل أو إزالة مكون WP Vault فوراً إذا لم يكن مطلوباً بنشاط
2. تنفيذ قواعد جدار الحماية لتطبيقات الويب لحجب الطلبات التي تحتوي على '../' أو '..\' في معامل wpv-image
3. تقييد الوصول إلى دلائل WordPress والمكونات الإضافية باستخدام قائمة بيضاء للعناوين
4. مراجعة سجلات الوصول للأنماط المريبة في معامل wpv-image
الضوابط البديلة:
5. تطبيق قواعد .htaccess: <FilesMatch "wpv-image"> Deny from all </FilesMatch>
6. تطبيق التحقق من الإدخال: رفض أي معاملات GET تحتوي على تسلسلات اجتياز الدلائل
7. نقل wp-config.php خارج جذر الويب إن أمكن
8. تنفيذ مراقبة سلامة الملفات على ملفات التكوين الحساسة
9. تفعيل رؤوس أمان WordPress (X-Frame-Options, X-Content-Type-Options)
10. إجراء تدقيق أمني فوري لجميع الملفات التي يتم الوصول إليها من خلال معامل wpv-image
قواعد الكشف:
- مراقبة طلبات GET التي تحتوي على معامل wpv-image يتضمن: ../, ..\ , %2e%2e, متغيرات مشفرة
- تنبيهات محاولات الوصول إلى wp-config.php, .env, /etc/passwd
- تتبع محاولات المصادقة الفاشلة التالية لمحاولات LFI
- مراقبة محاولات اتصال قاعدة البيانات من عملية خادم الويب
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.8.1.1 - Asset Management
A.12.2.1 - Change Management
A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
ID.AM-2 - Software Inventory
PR.AC-1 - Access Control Policy
PR.PT-2 - Protective Technology
DE.CM-1 - Network Monitoring
RS.MI-2 - Incident Response Procedures
🟡 ISO 27001:2022
A.5.1 - Management Direction
A.6.1 - Internal Organization
A.8.1 - Asset Responsibility
A.12.2 - Change Management
A.12.6 - Management of Technical Vulnerabilities
A.14.2 - Development Security
🟣 PCI DSS v4.0.1
Requirement 2.2 - Configuration Standards
Requirement 6.2 - Security Patches
Requirement 6.5.1 - Injection Flaws
Requirement 11.2 - Vulnerability Scanning
🔗 References & Sources 4
🔗
🔗
🔗
🔗
http://lenonleite.com.br/
disclosure@vulncheck.com
https://wordpress.org/plugins/wp-vault/
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/40850
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/wp-vault-local-file-inclusion-via-wpv-image-parameter
disclosure@vulncheck.com