Cross-Site Scripting Vulnerabilities in BulletProof Security Plugin for WordPress
CVE-2013-3487

Currently unrated

Key Information:

Vendor

Wordpress
Status
Bulletproof-security
Vendor
CVE Published:
3 March 2014

What is CVE-2013-3487?

The BulletProof Security plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML into specific security log files. These vulnerabilities affect the scripts located at 400.php and 403.php, where improper handling of HTML header fields creates an opportunity for attackers to execute malicious code. This can lead to compromising user sessions or redirecting users to malicious sites, presenting significant security risks for WordPress sites utilizing this plugin.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/53614
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/61583
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.