Vulnerability Name:

CVE-2014-7958 (CCN-98505)

Assigned: 2014-11-05
Published: 2014-11-05
Updated: 2021-12-16
Summary: Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:

Source: CCN
Type: BugTraq Mailing List, Wed Nov 05 2014 - 05:30:29 CST
Wordpress bulletproof-security <=.51 multiple vulnerabilities

Source: MITRE
Type: CNA
CVE-2014-7958

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20141105 Wordpress bulletproof-security <=.51 multiple vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
70916

Source: CCN
Type: BID-70916
WordPress BulletProof Security Plugin 'bpsunlock.php' Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
wp-bulletproof-cve20147958-xss(98505)

Source: CCN
Type: Packet Storm Security [11-05-2014]
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF

Source: CCN
Type: WordPress Plugin Directory
BulletProof Security

Source: CONFIRM
Type: Patch, Vendor Advisory
https://wordpress.org/plugins/bulletproof-security/changelog/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-7958

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:*

Configuration CCN 1:
  • cpe:/a:wordpress:wordpress:-:*:*:*:*:*:*:*

    ait-pro bulletproof security .50.4
    ait-pro bulletproof security .50.3
    ait-pro bulletproof security .44.1
    ait-pro bulletproof security .44
    ait-pro bulletproof security .49.3
    ait-pro bulletproof security .49.2
    ait-pro bulletproof security .48.5
    ait-pro bulletproof security .48.4
    ait-pro bulletproof security .47.7
    ait-pro bulletproof security .47.6
    ait-pro bulletproof security .47.5
    ait-pro bulletproof security .46.8
    ait-pro bulletproof security .46.7
    ait-pro bulletproof security .46
    ait-pro bulletproof security .45.9
    ait-pro bulletproof security .50.6
    ait-pro bulletproof security .50.5
    ait-pro bulletproof security .45.1
    ait-pro bulletproof security .45
    ait-pro bulletproof security .49.5
    ait-pro bulletproof security .49.4
    ait-pro bulletproof security .48.7
    ait-pro bulletproof security .48.6
    ait-pro bulletproof security .47.9
    ait-pro bulletproof security .47.8
    ait-pro bulletproof security .47
    ait-pro bulletproof security .46.9
    ait-pro bulletproof security .46.2
    ait-pro bulletproof security .46.1
    ait-pro bulletproof security .45.4
    ait-pro bulletproof security .50.8
    ait-pro bulletproof security .50.7
    ait-pro bulletproof security .45.3
    ait-pro bulletproof security .45.2
    ait-pro bulletproof security .49.7
    ait-pro bulletproof security .49.6
    ait-pro bulletproof security .48.9
    ait-pro bulletproof security .48.8
    ait-pro bulletproof security .48.1
    ait-pro bulletproof security .48
    ait-pro bulletproof security .47.2
    ait-pro bulletproof security .47.1
    ait-pro bulletproof security .46.4
    ait-pro bulletproof security .46.3
    ait-pro bulletproof security .45.6
    ait-pro bulletproof security .45.5
    ait-pro bulletproof security .51
    ait-pro bulletproof security .50.9
    ait-pro bulletproof security .50.2
    ait-pro bulletproof security .50.1
    ait-pro bulletproof security .50
    ait-pro bulletproof security .49.9
    ait-pro bulletproof security .49.8
    ait-pro bulletproof security .49.1
    ait-pro bulletproof security .49
    ait-pro bulletproof security .48.3
    ait-pro bulletproof security .48.2
    ait-pro bulletproof security .47.4
    ait-pro bulletproof security .47.3
    ait-pro bulletproof security .46.6
    ait-pro bulletproof security .46.5
    ait-pro bulletproof security .45.8
    ait-pro bulletproof security .45.7
    wordpress wordpress -