Vulnerability Details CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.3%
CVSS Severity
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
- http://www.securityfocus.com/archive/1/533904/100/0/threaded
- http://www.securityfocus.com/bid/70918
- https://wordpress.org/plugins/bulletproof-security/changelog/
- http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
- http://www.securityfocus.com/archive/1/533904/100/0/threaded
- http://www.securityfocus.com/bid/70918
- https://wordpress.org/plugins/bulletproof-security/changelog/
Products affected by CVE-2014-7959
-
cpe:2.3:a:ait-pro:bulletproof_security:.44
-
cpe:2.3:a:ait-pro:bulletproof_security:.44.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.45
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.45.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.46
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.46.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.47
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.47.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.48
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.48.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.49
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.49.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.50
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.1
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.2
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.3
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.4
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.5
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.6
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.7
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.8
-
cpe:2.3:a:ait-pro:bulletproof_security:.50.9
-
cpe:2.3:a:ait-pro:bulletproof_security:.51