Server-Side Request Forgery Vulnerability in BulletProof Security Plugin for WordPress
CVE-2014-8749

Currently unrated

Key Information:

Vendor: Wordpress
Status: Bulletproof Security
Vendor: CVE Published:; 1 December 2014

What is CVE-2014-8749?

The BulletProof Security plugin for WordPress contains a server-side request forgery (SSRF) vulnerability in the admin/htaccess/bpsunlock.php file. This flaw enables remote attackers to send forged requests that may authenticate to arbitrary databases using the dbhost parameter, potentially compromising sensitive data and application integrity. Users of the plugin should upgrade to the latest version to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/Nov/13

mailing-listx_refsource_FULLDISC

https://wordpress.org/plugins/bulletproof-security/change...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 1, 2014
Vulnerability Reserved
Oct 13, 2014

JSON

Wordpress

What is CVE-2014-8749?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.