Server-Side Request Forgery Vulnerability in BulletProof Security Plugin for WordPress
CVE-2014-8749

Currently unrated

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
1 December 2014

What is CVE-2014-8749?

The BulletProof Security plugin for WordPress contains a server-side request forgery (SSRF) vulnerability in the admin/htaccess/bpsunlock.php file. This flaw enables remote attackers to send forged requests that may authenticate to arbitrary databases using the dbhost parameter, potentially compromising sensitive data and application integrity. Users of the plugin should upgrade to the latest version to mitigate the risk associated with this vulnerability.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.