86 matches found
BulletProof Security <= .52.4 - Authenticated Cross-Site Scripting (XSS)
The BulletProof Security WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
CVE-2014-8749
Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...
Wordpress bulletproof-security <=.51 multiple vulnerabilities
Vulnerability title: Wordpress bulletproof-security =.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro Product: bulletproof-security Affected version: bulletproof-security = .51 Vulnerabilities fixed in version: .51.1 Details: xss...
CVE-2014-7958
Cross-site scripting XSS vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter...
CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter...
Sql injection
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter...
CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter...
CVE-2014-7958
Cross-site scripting XSS vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter...
CVE-2014-7958
BulletProof Security (WordPress) plugin
CVE-2014-7959
CVE-2014-7959 is a SQL injection vulnerability in the BulletProof Security WordPress plugin prior to version 0.51.1, specifically in admin/htaccess/bpsunlock.php. The flaw allows remote authenticated users to execute arbitrary SQL commands through the tableprefix parameter. The vulnerability is c...
WordPress Bulletproof-Security .51 Multiple Vulnerabilities
WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities. Vulnerability title: Wordpress bulletproof-security =.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro...
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF
Vulnerability title: Wordpress bulletproof-security =.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro Product: bulletproof-security Affected version: bulletproof-security = .51 Vulnerabilities fixed in version: .51.1 Details: xss...
WordPress BulletProof Security Plugin <= .51 - SSRF
Because of this server side request forgery vulnerability in admin/htaccess/bpsunlock.php, the attackers can trigger outbound requests that authenticate to arbitrary databases via the "dbhost" parameter. Solution Update the plugin...
WordPress BulletProof Security Plugin <= .51 - SQL Injection
This vulnerability is in admin/htaccess/bpsunlock.php. It allows remote authenticated users to execute arbitrary SQL commands via the "tableprefix" parameter. Solution Update the plugin...
WordPress BulletProof Security Plugin <= .51 - XSS
Because of this vulnerability in admin/htaccess/bpsunlock.php, the attackers can inject arbitrary web script or HTML via the "dbhost" parameter. Solution Update the plugin...
WordPress BulletProof Security 50.8 Script Insertion
Document Title: =============== BulletProof Security Wordpress v50.8 - POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1326 Release Date: ============= 2014-09-30 Vulnerability Laboratory ID VL-ID:...
BulletProof Security <= .50.8 - Script Insertion
The BulletProof Security WordPress plugin was affected by a Script Insertion security vulnerability...
CVE-2013-3487
Multiple cross-site scripting XSS vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to 1 400.php, 2 403.php, or 3 403.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to 1 400.php, 2 403.php, or 3 403.php...
CVE-2013-3487
BulletProof Security WordPress plugin (Security Log): multiple XSS in the security log via HTML header fields to 400.php/403.php in versions before 0.49. Root cause appears to be improper input handling. Remediation: update to a fixed release (0.49 or newer) per PatchStack and related advisories;...