Server-Side Request Forgery Vulnerability in BulletProof Security Plugin for WordPress
CVE-2014-8749
Currently unrated
What is CVE-2014-8749?
The BulletProof Security plugin for WordPress contains a server-side request forgery (SSRF) vulnerability in the admin/htaccess/bpsunlock.php file. This flaw enables remote attackers to make the server send forged requests that may authenticate to arbitrary databases, with the target host supplied through the dbhost parameter, potentially compromising sensitive data and application integrity. Users of the plugin should upgrade to the latest version to mitigate the risk associated with this vulnerability.