Cross-Site Scripting in BulletProof Security Plugin for WordPress
CVE-2015-9230

4.8MEDIUM

Key Information:

Vendor
Wordpress
Status
Bulletproof Security
Vendor
CVE Published:
12 September 2017

Summary

The BulletProof Security plugin for WordPress, before version 52.5, contains a cross-site scripting vulnerability in the admin/db-backup-security/db-backup-security.php page. This issue allows authenticated remote administrators to exploit the vulnerability using the DBTablePrefix parameter, potentially leading to unauthorized actions within the administrative interface. Attackers can inject malicious scripts that execute in the browsers of those who visit the affected page, compromising the security and integrity of the WordPress site.

References

https://forum.ait-pro.com/forums/topic/bps-changelog/
x_refsource_MISC
https://github.com/cybersecurityworks/Disclosed/issues/3
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/8224
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.