CVE-2015-9230

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Bulletproof Security
Vendor: CVE Published:; 12 September 2017

Summary

In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.

References

https://forum.ait-pro.com/forums/topic/bps-changelog/

x_refsource_MISC

https://github.com/cybersecurityworks/Disclosed/issues/3

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/8224

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 12, 2017
Vulnerability Reserved
Sep 12, 2017