Vulnerability Details CVE-2014-7958
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
- http://www.securityfocus.com/archive/1/533904/100/0/threaded
- http://www.securityfocus.com/bid/70916
- https://wordpress.org/plugins/bulletproof-security/changelog/
- http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
- http://www.securityfocus.com/archive/1/533904/100/0/threaded
- http://www.securityfocus.com/bid/70916
- https://wordpress.org/plugins/bulletproof-security/changelog/
Products affected by CVE-2014-7958
-
cpe:2.3:a:ait-pro:bulletproof_security:.44
-
cpe:2.3:a:ait-pro:bulletproof_security:.44.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.45
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.46
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.47
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.48
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.49
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.50
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.51