Cross-Site Scripting Vulnerability in BulletProof Security Plugin for WordPress
CVE-2012-4268

Currently unrated

Key Information:

Vendor: Wordpress
Status: Bulletproof-security
Vendor: CVE Published:; 13 August 2012

Summary

The BulletProof Security plugin for WordPress has a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML through the HTTP_ACCEPT_ENCODING header. This flaw exists in the admin options.php file and can enable malicious actors to compromise the affected systems by executing harmful scripts that could lead to data theft or user session hijacking.

References

http://wordpress.org/extend/plugins/bulletproof-security/...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/75522

vdb-entryx_refsource_XF

http://packetstormsecurity.org/files/112618/WordPress-Bul...

x_refsource_MISC

Timeline

Vulnerability published
Aug 13, 2012
Vulnerability Reserved
Aug 13, 2012