Search criteria

21 vulnerabilities found for bulletproof_security by ait-pro

FKIE_CVE-2022-1265

Vulnerability from fkie_nvd - Published: 2022-05-16 15:15 - Updated: 2024-11-21 06:40
Summary
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Impacted products
Vendor Product Version
ait-pro bulletproof_security * (versions before 6.1, per versionEndExcluding in the CPE match below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FC65CB91-AB93-4908-A056-E458EA1A9204",
              "versionEndExcluding": "6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
    },
    {
      "lang": "es",
      "value": "El plugin BulletProof Security de WordPress versiones anteriores a 6.1, no sanea y escapa de algunos de sus ajustes CAPTCHA, lo que podr\u00eda permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html est\u00e1 deshabilitado"
    }
  ],
  "id": "CVE-2022-1265",
  "lastModified": "2024-11-21T06:40:22.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-16T15:15:09.103",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-0590

Vulnerability from fkie_nvd - Published: 2022-03-21 19:15 - Updated: 2024-11-21 06:38
Summary
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Impacted products
Vendor Product Version
ait-pro bulletproof_security * (versions before 5.8, per versionEndExcluding in the CPE match below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "086DE7B0-4674-4173-AD58-191D2554D527",
              "versionEndExcluding": "5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
    },
    {
      "lang": "es",
      "value": "El plugin BulletProof Security de WordPress versiones anteriores a 5.8, no sanea y escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html est\u00e1 deshabilitada"
    }
  ],
  "id": "CVE-2022-0590",
  "lastModified": "2024-11-21T06:38:58.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-21T19:15:10.873",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2021-39327

Vulnerability from fkie_nvd - Published: 2021-09-17 11:15 - Updated: 2024-11-21 06:19
Summary
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
References
security@wordfence.com - http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry
security@wordfence.com - https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327 - Exploit, Third Party Advisory
security@wordfence.com - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail= - Patch, Third Party Advisory
security@wordfence.com - https://www.exploit-db.com/exploits/50382 - Exploit, Third Party Advisory, VDB Entry
security@wordfence.com - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327 - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 - https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327 - Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2591118%40bulletproof-security&new=2591118%40bulletproof-security&sfp_email=&sfph_mail= - Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://www.exploit-db.com/exploits/50382 - Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327 - Third Party Advisory
Impacted products
Vendor Product Version
ait-pro bulletproof_security * (versions up to and including 5.1, per versionEndIncluding in the CPE match below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F41E2B5F-BB18-4CAE-B3ED-FAA663B2F397",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
    },
    {
      "lang": "es",
      "value": "El plugin BulletProof Security de WordPress es vulnerable a una divulgaci\u00f3n de informaci\u00f3n confidencial debido a una divulgaci\u00f3n de la ruta de archivos en el archivo ~/db_backup_log.txt de acceso p\u00fablico que otorga a los atacantes la ruta completa del sitio, adem\u00e1s de la ruta de los archivos de copia de seguridad de la base de datos. Esto afecta a las versiones hasta la 5.1, incluy\u00e9ndola"
    }
  ],
  "id": "CVE-2021-39327",
  "lastModified": "2024-11-21T06:19:14.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@wordfence.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-17T11:15:08.647",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/50382"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/50382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-9230

Vulnerability from fkie_nvd - Published: 2017-09-12 22:29 - Updated: 2025-04-20 01:37
Summary
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
References
cve@mitre.org - http://www.openwall.com/lists/oss-security/2015/10/27/3 - Exploit, Mailing List, Third Party Advisory
cve@mitre.org - https://cxsecurity.com/issue/WLB-2016010011 - Exploit, Third Party Advisory
cve@mitre.org - https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html - Exploit, Third Party Advisory
cve@mitre.org - https://forum.ait-pro.com/forums/topic/bps-changelog/ - Third Party Advisory
cve@mitre.org - https://github.com/cybersecurityworks/Disclosed/issues/3 - Exploit, Third Party Advisory
cve@mitre.org - https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
cve@mitre.org - https://wpvulndb.com/vulnerabilities/8224 - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.openwall.com/lists/oss-security/2015/10/27/3 - Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://cxsecurity.com/issue/WLB-2016010011 - Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html - Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://forum.ait-pro.com/forums/topic/bps-changelog/ - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://github.com/cybersecurityworks/Disclosed/issues/3 - Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 - https://wpvulndb.com/vulnerabilities/8224 - Third Party Advisory
Impacted products
Vendor Product Version
ait-pro bulletproof_security .52.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.52.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FEA2FD6C-B4A4-4EBC-ACA2-3386F590B5AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter."
    },
    {
      "lang": "es",
      "value": "En la p\u00e1gina admin/db-backup-security/db-backup-security.php en el plugin BulletProof Security en versiones anteriores a la .52.5 para WordPress, es posible que los administradores remotos autenticados realicen un ataque de Cross-Site Scripting (XSS) mediante el par\u00e1metro DBTablePrefix."
    }
  ],
  "id": "CVE-2015-9230",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-12T22:29:00.257",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/issue/WLB-2016010011"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/8224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/issue/WLB-2016010011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/8224"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-8749

Vulnerability from fkie_nvd - Published: 2014-12-01 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Impacted products
Vendor Product Version
ait-pro bulletproof_security * (versions up to and including .51, per versionEndIncluding in the CPE match below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "877B439F-864B-47E4-9D3C-AC8FD911E905",
              "versionEndIncluding": ".51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de SSRF en admin/htaccess/bpsunlock.php en el plugin BulletProof Security anterior a .51.1 para WordPress permite a atacantes remotos provocar solicitudes salientes que autentican en bases de datos arbitrarias a trav\u00e9s del par\u00e1metro dbhost."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/918.html\"\u003eCWE-918: Server-Side Request Forgery (SSRF)\u003c/a\u003e",
  "id": "CVE-2014-8749",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-01T15:59:07.877",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-7958

Vulnerability from fkie_nvd - Published: 2014-11-06 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
Impacted products
Vendor Product Version
ait-pro bulletproof_security .44
ait-pro bulletproof_security .44.1
ait-pro bulletproof_security .45
ait-pro bulletproof_security .45.1
ait-pro bulletproof_security .45.2
ait-pro bulletproof_security .45.3
ait-pro bulletproof_security .45.4
ait-pro bulletproof_security .45.5
ait-pro bulletproof_security .45.6
ait-pro bulletproof_security .45.7
ait-pro bulletproof_security .45.8
ait-pro bulletproof_security .45.9
ait-pro bulletproof_security .46
ait-pro bulletproof_security .46.1
ait-pro bulletproof_security .46.2
ait-pro bulletproof_security .46.3
ait-pro bulletproof_security .46.4
ait-pro bulletproof_security .46.5
ait-pro bulletproof_security .46.6
ait-pro bulletproof_security .46.7
ait-pro bulletproof_security .46.8
ait-pro bulletproof_security .46.9
ait-pro bulletproof_security .47
ait-pro bulletproof_security .47.1
ait-pro bulletproof_security .47.2
ait-pro bulletproof_security .47.3
ait-pro bulletproof_security .47.4
ait-pro bulletproof_security .47.5
ait-pro bulletproof_security .47.6
ait-pro bulletproof_security .47.7
ait-pro bulletproof_security .47.8
ait-pro bulletproof_security .47.9
ait-pro bulletproof_security .48
ait-pro bulletproof_security .48.1
ait-pro bulletproof_security .48.2
ait-pro bulletproof_security .48.3
ait-pro bulletproof_security .48.4
ait-pro bulletproof_security .48.5
ait-pro bulletproof_security .48.6
ait-pro bulletproof_security .48.7
ait-pro bulletproof_security .48.8
ait-pro bulletproof_security .48.9
ait-pro bulletproof_security .49
ait-pro bulletproof_security .49.1
ait-pro bulletproof_security .49.2
ait-pro bulletproof_security .49.3
ait-pro bulletproof_security .49.4
ait-pro bulletproof_security .49.5
ait-pro bulletproof_security .49.6
ait-pro bulletproof_security .49.7
ait-pro bulletproof_security .49.8
ait-pro bulletproof_security .49.9
ait-pro bulletproof_security .50
ait-pro bulletproof_security .50.1
ait-pro bulletproof_security .50.2
ait-pro bulletproof_security .50.3
ait-pro bulletproof_security .50.4
ait-pro bulletproof_security .50.5
ait-pro bulletproof_security .50.6
ait-pro bulletproof_security .50.7
ait-pro bulletproof_security .50.8
ait-pro bulletproof_security .50.9
ait-pro bulletproof_security .51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3B9C33AA-12CC-4D42-8434-A21A970712A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2D477EAD-56ED-484C-9EC9-807D71FF132A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "23E8D7C5-C7CE-4592-9845-D8ED2EA26E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "27850F39-002B-4B27-A360-904F6948D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B2C43712-B51B-400B-87CB-A0ABE649A873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5F8DBF45-32A3-4653-8EE7-60462FA9D3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5A7783B6-B046-4F65-A88D-4004C2354191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0CCBC995-7EB8-40EA-A0D2-A4AB08E1E6AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "551056EE-F1B1-41EF-A6BE-22C865759C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5D38E934-276C-4BA5-B741-AABB723522DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D438D78F-9B8A-48B1-A98E-63F369079CA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "61DD5B82-5490-4F51-8519-94B275C80A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2B412149-36D2-46D7-88FD-D946973E66D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2AD3C425-50CC-4580-AAFF-D9CDF7A8CDCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "67866096-905F-4268-ADA5-63DE2E2BC91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "167E8C59-9DD6-4EA1-9C59-B7A72AA5CC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4EF2CF91-23A2-49FB-AB76-1CFEA3189CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "945130CD-0FC6-408A-9504-B9AE50FC1719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F31E508F-028F-4654-8B6D-060B9CAA6F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2C5E0C2D-2F9A-48B2-B2C8-8BD0ED121A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5E934145-72E5-48FF-AD4D-E9EC4D74AFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C0DF6386-85BF-4695-878E-8340F5CC7368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5B5401DF-F5A3-427F-B225-3765C3F8AF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BD9CCB62-8913-4BD8-94A2-1E795909C994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7338666F-3FC9-4DE3-AD41-9013025E9ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6171FDC9-0132-474B-B23B-D95213605DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4458E0A1-A43D-49CE-91CF-AA53FD548EEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DF2CB32E-FD76-4461-942F-6FE83E3CA117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D7555FD0-1691-4A9A-8090-F65C59118340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B0E76D29-7AE8-48A3-BA00-D31C9F46A14E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "993E79E7-1ADF-48FA-943A-8A0C058CE776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1EAC4337-824E-4C2A-8FCB-B3AEC2CA4BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7D7CCB40-A153-4BBD-8127-63D0B3746BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "071D7A42-7A56-4DF8-8396-6483679CC27B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "16D4D906-4800-4C25-8732-E5951EE4A0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "ECA6F32A-D7A5-4BD1-9BBD-59C72A9375E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "919AB4CB-1927-464C-A6C8-C78522A407F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4EB14C36-C0B2-41E8-A40D-EBB30BDFBF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "592BC8CA-3FFC-43F3-8421-29AB867BB69B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "00E8EED5-B1EF-49F6-BE60-7F27A95B424E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D083B6D1-67F4-45F3-9185-2595BF4A024C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E70A7618-530E-4FDC-9E58-B01BFC815042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A495DEB5-E485-4D01-860C-49103FCD8689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F7A662D9-694F-45D9-A9A6-8AB52A20661B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BA5C0283-7D37-4B49-9CF0-18CB46B08B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D48536AD-8EBC-421C-9603-A68AE9025CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9587C29A-2B24-4093-AE8B-B0ED26E680EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9E5B41BB-6377-4716-B0A6-A6B449F2ED87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "469B34E4-E097-497D-8969-4AC4D26EBA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "53F9AE5E-9F8D-4BFD-8FDE-D9AB7D38BFA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0C30FB62-C7FE-4A1C-8CE4-3B48ADE1D93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6A74EED9-7F36-4EB5-A568-33F0073F45DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "59A0C040-908D-43EF-9D57-4F0DCA91389A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E061F000-A8E0-4D98-8333-07981A870D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DE3862FB-8B7D-480E-AA2A-C682795691A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "96BB5796-BC2A-4EC9-B341-A27EFCCB1782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E25F7569-5222-4B14-8F75-BFA836A67EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2B55644C-5481-462B-984C-A52C4BC4EEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "31D93C98-42B4-444C-8855-DF99888D3DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "065FCF06-6340-4E85-9C3C-E46044518399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "AE844D07-910F-44B8-81ED-EB600FD26811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FED20689-FBFB-40B0-859D-72D26AB907BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "453C7575-AEFC-4064-89FF-2EF9D0E7CCA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en admin/htaccess/bpsunlock.php en el plugin BulletProof Security anterior a .51.1 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro dbhost."
    }
  ],
  "id": "CVE-2014-7958",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-11-06T15:55:08.913",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70916"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-7959

Vulnerability from fkie_nvd - Published: 2014-11-06 15:55 - Updated: 2025-04-12 10:46
Summary
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Impacted products
Vendor Product Version
ait-pro bulletproof_security .44
ait-pro bulletproof_security .44.1
ait-pro bulletproof_security .45
ait-pro bulletproof_security .45.1
ait-pro bulletproof_security .45.2
ait-pro bulletproof_security .45.3
ait-pro bulletproof_security .45.4
ait-pro bulletproof_security .45.5
ait-pro bulletproof_security .45.6
ait-pro bulletproof_security .45.7
ait-pro bulletproof_security .45.8
ait-pro bulletproof_security .45.9
ait-pro bulletproof_security .46
ait-pro bulletproof_security .46.1
ait-pro bulletproof_security .46.2
ait-pro bulletproof_security .46.3
ait-pro bulletproof_security .46.4
ait-pro bulletproof_security .46.5
ait-pro bulletproof_security .46.6
ait-pro bulletproof_security .46.7
ait-pro bulletproof_security .46.8
ait-pro bulletproof_security .46.9
ait-pro bulletproof_security .47
ait-pro bulletproof_security .47.1
ait-pro bulletproof_security .47.2
ait-pro bulletproof_security .47.3
ait-pro bulletproof_security .47.4
ait-pro bulletproof_security .47.5
ait-pro bulletproof_security .47.6
ait-pro bulletproof_security .47.7
ait-pro bulletproof_security .47.8
ait-pro bulletproof_security .47.9
ait-pro bulletproof_security .48
ait-pro bulletproof_security .48.1
ait-pro bulletproof_security .48.2
ait-pro bulletproof_security .48.3
ait-pro bulletproof_security .48.4
ait-pro bulletproof_security .48.5
ait-pro bulletproof_security .48.6
ait-pro bulletproof_security .48.7
ait-pro bulletproof_security .48.8
ait-pro bulletproof_security .48.9
ait-pro bulletproof_security .49
ait-pro bulletproof_security .49.1
ait-pro bulletproof_security .49.2
ait-pro bulletproof_security .49.3
ait-pro bulletproof_security .49.4
ait-pro bulletproof_security .49.5
ait-pro bulletproof_security .49.6
ait-pro bulletproof_security .49.7
ait-pro bulletproof_security .49.8
ait-pro bulletproof_security .49.9
ait-pro bulletproof_security .50
ait-pro bulletproof_security .50.1
ait-pro bulletproof_security .50.2
ait-pro bulletproof_security .50.3
ait-pro bulletproof_security .50.4
ait-pro bulletproof_security .50.5
ait-pro bulletproof_security .50.6
ait-pro bulletproof_security .50.7
ait-pro bulletproof_security .50.8
ait-pro bulletproof_security .50.9
ait-pro bulletproof_security .51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3B9C33AA-12CC-4D42-8434-A21A970712A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2D477EAD-56ED-484C-9EC9-807D71FF132A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "23E8D7C5-C7CE-4592-9845-D8ED2EA26E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "27850F39-002B-4B27-A360-904F6948D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B2C43712-B51B-400B-87CB-A0ABE649A873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5F8DBF45-32A3-4653-8EE7-60462FA9D3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5A7783B6-B046-4F65-A88D-4004C2354191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0CCBC995-7EB8-40EA-A0D2-A4AB08E1E6AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "551056EE-F1B1-41EF-A6BE-22C865759C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5D38E934-276C-4BA5-B741-AABB723522DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D438D78F-9B8A-48B1-A98E-63F369079CA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "61DD5B82-5490-4F51-8519-94B275C80A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2B412149-36D2-46D7-88FD-D946973E66D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2AD3C425-50CC-4580-AAFF-D9CDF7A8CDCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "67866096-905F-4268-ADA5-63DE2E2BC91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "167E8C59-9DD6-4EA1-9C59-B7A72AA5CC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4EF2CF91-23A2-49FB-AB76-1CFEA3189CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "945130CD-0FC6-408A-9504-B9AE50FC1719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F31E508F-028F-4654-8B6D-060B9CAA6F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2C5E0C2D-2F9A-48B2-B2C8-8BD0ED121A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5E934145-72E5-48FF-AD4D-E9EC4D74AFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C0DF6386-85BF-4695-878E-8340F5CC7368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5B5401DF-F5A3-427F-B225-3765C3F8AF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BD9CCB62-8913-4BD8-94A2-1E795909C994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7338666F-3FC9-4DE3-AD41-9013025E9ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6171FDC9-0132-474B-B23B-D95213605DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4458E0A1-A43D-49CE-91CF-AA53FD548EEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DF2CB32E-FD76-4461-942F-6FE83E3CA117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D7555FD0-1691-4A9A-8090-F65C59118340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B0E76D29-7AE8-48A3-BA00-D31C9F46A14E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "993E79E7-1ADF-48FA-943A-8A0C058CE776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1EAC4337-824E-4C2A-8FCB-B3AEC2CA4BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7D7CCB40-A153-4BBD-8127-63D0B3746BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "071D7A42-7A56-4DF8-8396-6483679CC27B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "16D4D906-4800-4C25-8732-E5951EE4A0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "ECA6F32A-D7A5-4BD1-9BBD-59C72A9375E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "919AB4CB-1927-464C-A6C8-C78522A407F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4EB14C36-C0B2-41E8-A40D-EBB30BDFBF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "592BC8CA-3FFC-43F3-8421-29AB867BB69B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "00E8EED5-B1EF-49F6-BE60-7F27A95B424E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D083B6D1-67F4-45F3-9185-2595BF4A024C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E70A7618-530E-4FDC-9E58-B01BFC815042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A495DEB5-E485-4D01-860C-49103FCD8689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F7A662D9-694F-45D9-A9A6-8AB52A20661B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BA5C0283-7D37-4B49-9CF0-18CB46B08B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D48536AD-8EBC-421C-9603-A68AE9025CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9587C29A-2B24-4093-AE8B-B0ED26E680EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9E5B41BB-6377-4716-B0A6-A6B449F2ED87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "469B34E4-E097-497D-8969-4AC4D26EBA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "53F9AE5E-9F8D-4BFD-8FDE-D9AB7D38BFA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0C30FB62-C7FE-4A1C-8CE4-3B48ADE1D93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6A74EED9-7F36-4EB5-A568-33F0073F45DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "59A0C040-908D-43EF-9D57-4F0DCA91389A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E061F000-A8E0-4D98-8333-07981A870D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DE3862FB-8B7D-480E-AA2A-C682795691A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "96BB5796-BC2A-4EC9-B341-A27EFCCB1782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E25F7569-5222-4B14-8F75-BFA836A67EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2B55644C-5481-462B-984C-A52C4BC4EEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "31D93C98-42B4-444C-8855-DF99888D3DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "065FCF06-6340-4E85-9C3C-E46044518399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "AE844D07-910F-44B8-81ED-EB600FD26811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FED20689-FBFB-40B0-859D-72D26AB907BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "453C7575-AEFC-4064-89FF-2EF9D0E7CCA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en admin/htaccess/bpsunlock.php en el plugin BulletProof Security anterior a .51.1 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro tableprefix."
    }
  ],
  "id": "CVE-2014-7959",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-06T15:55:08.977",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70918"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-1265 (GCVE-0-2022-1265)

Vulnerability from cvelistv5 – Published: 2022-05-16 14:30 – Updated: 2024-08-02 23:55
Title
BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting
Summary
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
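Unknown BulletProof Security Affected: 6.1 , < 6.1 (custom) — per the title and summary this means all versions before 6.1; the record gives 6.1 as both the range start and the exclusive upper bound, so a version matcher that applies the two fields literally gets an empty range.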
Credits
Fayçal CHENA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BulletProof Security",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.1",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Fay\u00e7al CHENA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-16T14:30:43",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BulletProof Security \u003c 6.1 - Admin+ Stored Cross-Site Scripting",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-1265",
          "STATE": "PUBLIC",
          "TITLE": "BulletProof Security \u003c 6.1 - Admin+ Stored Cross-Site Scripting"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BulletProof Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Fay\u00e7al CHENA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-1265",
    "datePublished": "2022-05-16T14:30:43",
    "dateReserved": "2022-04-07T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0590 (GCVE-0-2022-0590)

Vulnerability from cvelistv5 – Published: 2022-03-21 18:55 – Updated: 2024-08-02 23:32
Title
BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
Summary
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
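Unknown BulletProof Security Affected: 5.8 , < 5.8 (custom) — per the title and summary this means all versions before 5.8; the record gives 5.8 as both the range start and the exclusive upper bound, so a version matcher that applies the two fields literally gets an empty range.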
Credits
Mika

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BulletProof Security",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.8",
              "status": "affected",
              "version": "5.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mika"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-21T18:55:47",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BulletProof Security \u003c 5.8 - Admin+ Stored Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-0590",
          "STATE": "PUBLIC",
          "TITLE": "BulletProof Security \u003c 5.8 - Admin+ Stored Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BulletProof Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.8",
                            "version_value": "5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mika"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0590",
    "datePublished": "2022-03-21T18:55:47",
    "dateReserved": "2022-02-14T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39327 (GCVE-0-2021-39327)

Vulnerability from cvelistv5 – Published: 2021-09-17 10:26 – Updated: 2025-03-31 18:21
Title
BulletProof Security <= 5.1 Sensitive Information Disclosure
Summary
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CWE
Assigner
Impacted products
Vendor Product Version
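AITpro BulletProof Security Affected: 5.1 , ≤ 5.1 (custom) — per the summary this means all versions up to and including 5.1; the record gives 5.1 as both the range start and the inclusive upper bound, so a version matcher that applies the two fields literally flags only 5.1 and misses earlier releases.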
Credits
Vincent Rakotomanga

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:06:42.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/50382"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-39327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T18:21:40.049342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T18:21:46.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BulletProof Security",
          "vendor": "AITpro",
          "versions": [
            {
              "lessThanOrEqual": "5.1",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vincent Rakotomanga"
        }
      ],
      "datePublic": "2021-09-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T19:34:40.000Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/50382"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to version 5.2 or newer of the plugin."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "BulletProof Security \u003c= 5.1 Sensitive Information Disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Wordfence",
          "ASSIGNER": "security@wordfence.com",
          "DATE_PUBLIC": "2021-09-16T15:36:00.000Z",
          "ID": "CVE-2021-39327",
          "STATE": "PUBLIC",
          "TITLE": "BulletProof Security \u003c= 5.1 Sensitive Information Disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BulletProof Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.1",
                            "version_value": "5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AITpro"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vincent Rakotomanga"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327",
              "refsource": "MISC",
              "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "name": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
            },
            {
              "name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327",
              "refsource": "MISC",
              "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
            },
            {
              "name": "https://www.exploit-db.com/exploits/50382",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/50382"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to version 5.2 or newer of the plugin."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2021-39327",
    "datePublished": "2021-09-17T10:26:21.264Z",
    "dateReserved": "2021-08-20T00:00:00.000Z",
    "dateUpdated": "2025-03-31T18:21:46.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-9230 (GCVE-0-2015-9230)

Vulnerability from cvelistv5 – Published: 2017-09-12 22:00 – Updated: 2024-08-06 08:43
Summary
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:43:42.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/8224"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/issue/WLB-2016010011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T21:18:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/8224"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cxsecurity.com/issue/WLB-2016010011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://forum.ait-pro.com/forums/topic/bps-changelog/",
              "refsource": "MISC",
              "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
            },
            {
              "name": "https://github.com/cybersecurityworks/Disclosed/issues/3",
              "refsource": "MISC",
              "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/8224",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/8224"
            },
            {
              "name": "https://cxsecurity.com/issue/WLB-2016010011",
              "refsource": "MISC",
              "url": "https://cxsecurity.com/issue/WLB-2016010011"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2015/10/27/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
            },
            {
              "name": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
            },
            {
              "name": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html",
              "refsource": "MISC",
              "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9230",
    "datePublished": "2017-09-12T22:00:00",
    "dateReserved": "2017-09-12T00:00:00",
    "dateUpdated": "2024-08-06T08:43:42.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8749 (GCVE-0-2014-8749)

Vulnerability from cvelistv5 – Published: 2014-12-01 15:00 – Updated: 2024-08-06 13:26
Summary
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141106 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-01T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20141106 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141106 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
            },
            {
              "name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8749",
    "datePublished": "2014-12-01T15:00:00",
    "dateReserved": "2014-10-13T00:00:00",
    "dateUpdated": "2024-08-06T13:26:02.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7958 (GCVE-0-2014-7958)

Vulnerability from cvelistv5 – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:03
Summary
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
          },
          {
            "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
          },
          {
            "name": "70916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
        },
        {
          "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
        },
        {
          "name": "70916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7958",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
            },
            {
              "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
            },
            {
              "name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
            },
            {
              "name": "70916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7958",
    "datePublished": "2014-11-06T15:00:00",
    "dateReserved": "2014-10-07T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7959 (GCVE-0-2014-7959)

Vulnerability from cvelistv5 – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:03
Summary
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
          },
          {
            "name": "70918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70918"
          },
          {
            "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
        },
        {
          "name": "70918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70918"
        },
        {
          "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
            },
            {
              "name": "70918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70918"
            },
            {
              "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
            },
            {
              "name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7959",
    "datePublished": "2014-11-06T15:00:00",
    "dateReserved": "2014-10-07T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1265 (GCVE-0-2022-1265)

Vulnerability from nvd – Published: 2022-05-16 14:30 – Updated: 2024-08-02 23:55
Title
BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting
Summary
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Impacted products
Vendor Product Version
Unknown BulletProof Security Affected: 6.1, < 6.1 (custom; i.e. versions before 6.1, per the summary)
Credits
Fayçal CHENA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BulletProof Security",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.1",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Fay\u00e7al CHENA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-16T14:30:43",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BulletProof Security \u003c 6.1 - Admin+ Stored Cross-Site Scripting",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-1265",
          "STATE": "PUBLIC",
          "TITLE": "BulletProof Security \u003c 6.1 - Admin+ Stored Cross-Site Scripting"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BulletProof Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Fay\u00e7al CHENA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-1265",
    "datePublished": "2022-05-16T14:30:43",
    "dateReserved": "2022-04-07T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0590 (GCVE-0-2022-0590)

Vulnerability from nvd – Published: 2022-03-21 18:55 – Updated: 2024-08-02 23:32
Title
BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
Summary
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Impacted products
Vendor Product Version
Unknown BulletProof Security Affected: 5.8, < 5.8 (custom; i.e. versions before 5.8, per the summary)
Credits
Mika

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BulletProof Security",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.8",
              "status": "affected",
              "version": "5.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mika"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-21T18:55:47",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BulletProof Security \u003c 5.8 - Admin+ Stored Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-0590",
          "STATE": "PUBLIC",
          "TITLE": "BulletProof Security \u003c 5.8 - Admin+ Stored Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BulletProof Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.8",
                            "version_value": "5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mika"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0590",
    "datePublished": "2022-03-21T18:55:47",
    "dateReserved": "2022-02-14T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39327 (GCVE-0-2021-39327)

Vulnerability from nvd – Published: 2021-09-17 10:26 – Updated: 2025-03-31 18:21
Title
BulletProof Security <= 5.1 Sensitive Information Disclosure
Summary
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CWE
CWE-200 Information Exposure
Assigner
Wordfence
Impacted products
Vendor Product Version
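AITpro BulletProof Security Affected: 5.1, ≤ 5.1 (custom). Note: the structured range in the record starts and ends at 5.1, while the summary covers every version up to and including 5.1, so version matching should follow the summary; the record's solution field gives 5.2 as the fixed version.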
Credits
Vincent Rakotomanga

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:06:42.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/50382"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-39327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-31T18:21:40.049342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-31T18:21:46.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BulletProof Security",
          "vendor": "AITpro",
          "versions": [
            {
              "lessThanOrEqual": "5.1",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vincent Rakotomanga"
        }
      ],
      "datePublic": "2021-09-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T19:34:40.000Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/50382"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to version 5.2 or newer of the plugin."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "BulletProof Security \u003c= 5.1 Sensitive Information Disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Wordfence",
          "ASSIGNER": "security@wordfence.com",
          "DATE_PUBLIC": "2021-09-16T15:36:00.000Z",
          "ID": "CVE-2021-39327",
          "STATE": "PUBLIC",
          "TITLE": "BulletProof Security \u003c= 5.1 Sensitive Information Disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BulletProof Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.1",
                            "version_value": "5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AITpro"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vincent Rakotomanga"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327",
              "refsource": "MISC",
              "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail=",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2591118%40bulletproof-security\u0026new=2591118%40bulletproof-security\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "name": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164420/WordPress-BulletProof-Security-5.1-Information-Disclosure.html"
            },
            {
              "name": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327",
              "refsource": "MISC",
              "url": "https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-39327"
            },
            {
              "name": "https://www.exploit-db.com/exploits/50382",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/50382"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to version 5.2 or newer of the plugin."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2021-39327",
    "datePublished": "2021-09-17T10:26:21.264Z",
    "dateReserved": "2021-08-20T00:00:00.000Z",
    "dateUpdated": "2025-03-31T18:21:46.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-9230 (GCVE-0-2015-9230)

Vulnerability from nvd – Published: 2017-09-12 22:00 – Updated: 2024-08-06 08:43
Summary
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
mitre

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:43:42.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpvulndb.com/vulnerabilities/8224"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/issue/WLB-2016010011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-29T21:18:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpvulndb.com/vulnerabilities/8224"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cxsecurity.com/issue/WLB-2016010011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://forum.ait-pro.com/forums/topic/bps-changelog/",
              "refsource": "MISC",
              "url": "https://forum.ait-pro.com/forums/topic/bps-changelog/"
            },
            {
              "name": "https://github.com/cybersecurityworks/Disclosed/issues/3",
              "refsource": "MISC",
              "url": "https://github.com/cybersecurityworks/Disclosed/issues/3"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/8224",
              "refsource": "MISC",
              "url": "https://wpvulndb.com/vulnerabilities/8224"
            },
            {
              "name": "https://cxsecurity.com/issue/WLB-2016010011",
              "refsource": "MISC",
              "url": "https://cxsecurity.com/issue/WLB-2016010011"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2015/10/27/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/27/3"
            },
            {
              "name": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html"
            },
            {
              "name": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html",
              "refsource": "MISC",
              "url": "https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9230",
    "datePublished": "2017-09-12T22:00:00",
    "dateReserved": "2017-09-12T00:00:00",
    "dateUpdated": "2024-08-06T08:43:42.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8749 (GCVE-0-2014-8749)

Vulnerability from nvd – Published: 2014-12-01 15:00 – Updated: 2024-08-06 13:26
Summary
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
mitre
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141106 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-01T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20141106 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141106 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/13"
            },
            {
              "name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8749",
    "datePublished": "2014-12-01T15:00:00",
    "dateReserved": "2014-10-13T00:00:00",
    "dateUpdated": "2024-08-06T13:26:02.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7958 (GCVE-0-2014-7958)

Vulnerability from nvd – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:03
Summary
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
mitre

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
          },
          {
            "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
          },
          {
            "name": "70916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
        },
        {
          "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
        },
        {
          "name": "70916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7958",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
            },
            {
              "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
            },
            {
              "name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
            },
            {
              "name": "70916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7958",
    "datePublished": "2014-11-06T15:00:00",
    "dateReserved": "2014-10-07T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7959 (GCVE-0-2014-7959)

Vulnerability from nvd – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:03
Summary
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Severity
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
          },
          {
            "name": "70918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70918"
          },
          {
            "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
        },
        {
          "name": "70918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70918"
        },
        {
          "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html"
            },
            {
              "name": "70918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70918"
            },
            {
              "name": "20141105 Wordpress bulletproof-security \u003c=.51 multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533904/100/0/threaded"
            },
            {
              "name": "https://wordpress.org/plugins/bulletproof-security/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/bulletproof-security/changelog/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7959",
    "datePublished": "2014-11-06T15:00:00",
    "dateReserved": "2014-10-07T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}