CVE-2014-7958 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
ait-pro	bulletproof_security	.44
ait-pro	bulletproof_security	.44.1
ait-pro	bulletproof_security	.45
ait-pro	bulletproof_security	.45.1
ait-pro	bulletproof_security	.45.2
ait-pro	bulletproof_security	.45.3
ait-pro	bulletproof_security	.45.4
ait-pro	bulletproof_security	.45.5
ait-pro	bulletproof_security	.45.6
ait-pro	bulletproof_security	.45.7
ait-pro	bulletproof_security	.45.8
ait-pro	bulletproof_security	.45.9
ait-pro	bulletproof_security	.46
ait-pro	bulletproof_security	.46.1
ait-pro	bulletproof_security	.46.2
ait-pro	bulletproof_security	.46.3
ait-pro	bulletproof_security	.46.4
ait-pro	bulletproof_security	.46.5
ait-pro	bulletproof_security	.46.6
ait-pro	bulletproof_security	.46.7
ait-pro	bulletproof_security	.46.8
ait-pro	bulletproof_security	.46.9
ait-pro	bulletproof_security	.47
ait-pro	bulletproof_security	.47.1
ait-pro	bulletproof_security	.47.2
ait-pro	bulletproof_security	.47.3
ait-pro	bulletproof_security	.47.4
ait-pro	bulletproof_security	.47.5
ait-pro	bulletproof_security	.47.6
ait-pro	bulletproof_security	.47.7
ait-pro	bulletproof_security	.47.8
ait-pro	bulletproof_security	.47.9
ait-pro	bulletproof_security	.48
ait-pro	bulletproof_security	.48.1
ait-pro	bulletproof_security	.48.2
ait-pro	bulletproof_security	.48.3
ait-pro	bulletproof_security	.48.4
ait-pro	bulletproof_security	.48.5
ait-pro	bulletproof_security	.48.6
ait-pro	bulletproof_security	.48.7
ait-pro	bulletproof_security	.48.8
ait-pro	bulletproof_security	.48.9
ait-pro	bulletproof_security	.49
ait-pro	bulletproof_security	.49.1
ait-pro	bulletproof_security	.49.2
ait-pro	bulletproof_security	.49.3
ait-pro	bulletproof_security	.49.4
ait-pro	bulletproof_security	.49.5
ait-pro	bulletproof_security	.49.6
ait-pro	bulletproof_security	.49.7
ait-pro	bulletproof_security	.49.8
ait-pro	bulletproof_security	.49.9
ait-pro	bulletproof_security	.50
ait-pro	bulletproof_security	.50.1
ait-pro	bulletproof_security	.50.2
ait-pro	bulletproof_security	.50.3
ait-pro	bulletproof_security	.50.4
ait-pro	bulletproof_security	.50.5
ait-pro	bulletproof_security	.50.6
ait-pro	bulletproof_security	.50.7
ait-pro	bulletproof_security	.50.8
ait-pro	bulletproof_security	.50.9
ait-pro	bulletproof_security	.51

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html

http://www.securityfocus.com/archive/1/533904/100/0/threaded

http://www.securityfocus.com/bid/70916

https://wordpress.org/plugins/bulletproof-security/changelog/

http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html

http://www.securityfocus.com/archive/1/533904/100/0/threaded

http://www.securityfocus.com/bid/70916

https://wordpress.org/plugins/bulletproof-security/changelog/