Bulletproof Security
cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Ait Pro (3a925703-0075-543e-8389-6328864a3d7e) |
|---|---|
| Product | Bulletproof Security (0e2296a2-0767-5457-8506-0e98a74c3de1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-1265 | vulnerable | 2026-06-08 05:39:12.577150 | BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting<br>The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed<br>Published: 2022-05-16T14:30:43.000Z<br>Updated: 2024-08-02T23:55:24.622Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-0590 | vulnerable | 2026-06-08 05:39:10.348204 | BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)<br>The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.<br>Published: 2022-03-21T18:55:47.000Z<br>Updated: 2024-08-02T23:32:46.222Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-39327 | vulnerable | 2026-06-08 05:33:50.069126 | BulletProof Security <= 5.1 Sensitive Information Disclosure<br>MEDIUM (5.3)<br>The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.<br>Published: 2021-09-17T10:26:21.264Z<br>Updated: 2025-03-31T18:21:46.022Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2014-8749 | vulnerable | 2026-06-08 05:06:10.065753 | Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.<br>Published: 2014-12-01T15:00:00.000Z<br>Updated: 2024-08-06T13:26:02.503Z | Imported from gcve-enriched-dumps CVE data |