CVE-2014-8749

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
ait-probulletproof_security
𝑥
≤ .51
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Nov/13
https://wordpress.org/plugins/bulletproof-security/changelog/
http://seclists.org/fulldisclosure/2014/Nov/13
https://wordpress.org/plugins/bulletproof-security/changelog/