2 matches found
CVE-2012-4268
CVE-2012-4268 describes a cross-site scripting (XSS) vulnerability in the BulletProof Security WordPress plugin. The flaw resides in bulletproof-security/admin/options.php and affects versions before .47.1, allowing remote attackers to inject arbitrary script/HTML via the HTTP_ACCEPT_ENCODING hea...
CVE-2013-3487
BulletProof Security WordPress plugin (Security Log): multiple XSS in the security log via HTML header fields to 400.php/403.php in versions before 0.49. Root cause appears to be improper input handling. Remediation: update to a fixed release (0.49 or newer) per PatchStack and related advisories;...