Cross-Site Scripting Vulnerabilities in BulletProof Security Plugin for WordPress
CVE-2013-3487
Currently unrated
Summary
The BulletProof Security plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML into its security log files. The affected scripts are 400.php and 403.php, which handle HTML header fields improperly and so give attackers an opportunity to execute malicious code. Exploitation can compromise user sessions or redirect users to malicious sites, a significant risk for WordPress sites that use this plugin.