2 results (0.018 seconds)

CVSS: 5.4EPSS: 0%CPEs: 63EXPL: 1

Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter. Vulnerabilidad de XSS en admin/htaccess/bpsunlock.php en el plugin BulletProof Security anterior a .51.1 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro dbhost. CVE-2014-7958: Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter. WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities. • http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html http://www.securityfocus.com/archive/1/533904/100/0/threaded http://www.securityfocus.com/bid/70916 https://wordpress.org/plugins/bulletproof-security/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 63EXPL: 1

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. Vulnerabilidad de inyección SQL en admin/htaccess/bpsunlock.php en el plugin BulletProof Security anterior a .51.1 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro tableprefix. WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities. • http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html http://www.securityfocus.com/archive/1/533904/100/0/threaded http://www.securityfocus.com/bid/70918 https://wordpress.org/plugins/bulletproof-security/changelog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •