Vulnerability Name:

CVE-2014-8749 (CCN-98507)

Assigned:2014-11-05
Published:2014-11-05
Updated:2014-12-01
Summary:Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.

CWE-918: Server-Side Request Forgery (SSRF)
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Informational
References:Source: CCN
Type: BugTraq Mailing List, Wed Nov 05 2014 - 05:30:29 CST
Wordpress bulletproof-security <=.51 multiple vulnerabilities

Source: MITRE
Type: CNA
CVE-2014-8749

Source: FULLDISC
Type: UNKNOWN
20141106 Wordpress bulletproof-security <=.51 multiple vulnerabilities

Source: CCN
Type: BID-70924
WordPress BulletProof Security Plugin 'bpsunlock.php' Remote Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
wp-bulletproof-cve20148749-ssrf(98507)

Source: CCN
Type: Packet Storm Security [11-05-2014]
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF

Source: CCN
Type: BulletProof Security
BulletProof Security

Source: CONFIRM
Type: Patch, Vendor Advisory
https://wordpress.org/plugins/bulletproof-security/changelog/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:* (Version <= .51)

    • * Denotes that component is vulnerable
    BACK
    ait-pro bulletproof security *