5 matches found
CVE-2014-8749
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...
CVE-2014-7959
CVE-2014-7959 is a SQL injection vulnerability in the BulletProof Security WordPress plugin prior to version 0.51.1, specifically in admin/htaccess/bpsunlock.php. The flaw allows remote authenticated users to execute arbitrary SQL commands through the tableprefix parameter. The vulnerability is c...
WordPress BulletProof Security Plugin <= .51 - SSRF
Because of this server-side request forgery vulnerability in admin/htaccess/bpsunlock.php, attackers can trigger outbound requests that authenticate to arbitrary databases via the "dbhost" parameter. Solution: Update the plugin...
WordPress BulletProof Security Plugin <= .51 - XSS
Because of this vulnerability in admin/htaccess/bpsunlock.php, attackers can inject arbitrary web script or HTML via the "dbhost" parameter. Solution: Update the plugin...
WordPress BulletProof Security Plugin <= .51 - SQL Injection
This vulnerability is in admin/htaccess/bpsunlock.php. It allows remote authenticated users to execute arbitrary SQL commands via the "tableprefix" parameter. Solution: Update the plugin...