
CVSS: 5.4 | EPSS: 0% | CPEs: 63 | EXPL: 1

CVE-2014-7958: Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.

WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.

• http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
• http://www.securityfocus.com/archive/1/533904/100/0/threaded
• http://www.securityfocus.com/bid/70916
• https://wordpress.org/plugins/bulletproof-security/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 63 | EXPL: 1

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.

WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.

• http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
• http://www.securityfocus.com/archive/1/533904/100/0/threaded
• http://www.securityfocus.com/bid/70918
• https://wordpress.org/plugins/bulletproof-security/changelog
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 37 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.

• http://osvdb.org/95928
• http://osvdb.org/95929
• http://osvdb.org/95930
• http://secunia.com/advisories/53614
• http://wordpress.org/plugins/bulletproof-security/changelog
• http://www.securityfocus.com/bid/61583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')