Cross-Site Scripting in BulletProof Security Plugin for WordPress
CVE-2014-7958

Currently unrated

Key Information:

Vendor: Wordpress
Status: Bulletproof Security
Vendor: CVE Published:; 6 November 2014

Summary

A Cross-site scripting (XSS) vulnerability exists in the BulletProof Security plugin for WordPress, specifically through the dbhost parameter in the admin/htaccess/bpsunlock.php file. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application, potentially leading to unauthorized access or data manipulation. Website administrators using versions prior to 51.1 of this plugin are advised to update promptly to mitigate risks associated with this vulnerability.

References

http://packetstormsecurity.com/files/128977/WordPress-Bul...

x_refsource_MISC

http://www.securityfocus.com/archive/1/533904/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://wordpress.org/plugins/bulletproof-security/change...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 6, 2014
Vulnerability Reserved
Oct 7, 2014