CVE-2014-8749

EUVD-2014-8580
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
ait-probulletproof_security
𝑥
≤ .51
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Nov/13
https://wordpress.org/plugins/bulletproof-security/changelog/
http://seclists.org/fulldisclosure/2014/Nov/13
https://wordpress.org/plugins/bulletproof-security/changelog/