CVE-2014-7959 – BulletProof Security < .51.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.
• http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
• http://www.securityfocus.com/archive/1/533904/100/0/threaded
• http://www.securityfocus.com/bid/70918
• https://wordpress.org/plugins/bulletproof-security/changelog
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-9230 – BulletProof Security < .52.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9230
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
• http://www.openwall.com/lists/oss-security/2015/10/27/3
• https://cxsecurity.com/issue/WLB-2016010011
• https://cybersecurityworks.com/zerodays/cve-2015-9230-bulletproof.html
• https://forum.ait-pro.com/forums/topic/bps-changelog
• https://github.com/cybersecurityworks/Disclosed/issues/3
• https://packetstormsecurity.com/files/135125/BulletProof-Security-.52.4-Cross-Site-Scripting.html
• https://wpvulndb.com/vulnerabilities/8224
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-3487 – BulletProof Security <= .48.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3487
Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.
• http://osvdb.org/95928
• http://osvdb.org/95929
• http://osvdb.org/95930
• http://secunia.com/advisories/53614
• http://wordpress.org/plugins/bulletproof-security/changelog
• http://www.securityfocus.com/bid/61583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4268 – BulletProof Security < .47.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4268
Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
• http://packetstormsecurity.org/files/112618/WordPress-BulletProof-Security-Cross-Site-Scripting.html
• http://plugins.trac.wordpress.org/changeset?old_path=%2Fbulletproof-security&old=543044&new_path=%2Fbulletproof-security&new=543044
• http://wordpress.org/extend/plugins/bulletproof-security/changelog
• http://www.securityfocus.com/bid/53478
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75522
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')