Server-Side Request Forgery Vulnerability in BulletProof Security Plugin for WordPress
CVE-2014-8749

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 1 December 2014

Summary

The BulletProof Security plugin for WordPress contains a server-side request forgery (SSRF) vulnerability in the admin/htaccess/bpsunlock.php file. The flaw lets remote attackers make the server send forged requests that may authenticate to arbitrary databases via the dbhost parameter, potentially compromising sensitive data and application integrity. Users of the plugin should upgrade to the latest version to mitigate this vulnerability.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
