cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Ait Pro (3a925703-0075-543e-8389-6328864a3d7e)
Product: Bulletproof Security (0e2296a2-0767-5457-8506-0e98a74c3de1)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2022-1265 | vulnerable | 2026-06-08 05:39:12.577150 | BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Published: 2022-05-16T14:30:43.000Z
Updated: 2024-08-02T23:55:24.622Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE:CVE-2022-0590 | vulnerable | 2026-06-08 05:39:10.348204 | BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Published: 2022-03-21T18:55:47.000Z
Updated: 2024-08-02T23:32:46.222Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE:CVE-2021-39327 | vulnerable | 2026-06-08 05:33:50.069126 | BulletProof Security <= 5.1 Sensitive Information Disclosure
Severity: MEDIUM (5.3)
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
Published: 2021-09-17T10:26:21.264Z
Updated: 2025-03-31T18:21:46.022Z
Rationale: Imported from gcve-enriched-dumps CVE data

CVE:CVE-2014-8749 | vulnerable | 2026-06-08 05:06:10.065753 | Details available
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Published: 2014-12-01T15:00:00.000Z
Updated: 2024-08-06T13:26:02.503Z
Rationale: Imported from gcve-enriched-dumps CVE data
