Strix
26.1K

CVE-2014-7958

UnknownEPSS 2.51%

Last modified

CVE-2014-7958 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.. EPSS estimates a 2.51% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.

Metrics

EPSS Probability
2.51%

82.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Ait-ProBulletproof Security.44
Ait-ProBulletproof Security.44.1
Ait-ProBulletproof Security.45
Ait-ProBulletproof Security.45.1
Ait-ProBulletproof Security.45.2
Ait-ProBulletproof Security.45.3
Ait-ProBulletproof Security.45.4
Ait-ProBulletproof Security.45.5
Ait-ProBulletproof Security.45.6
Ait-ProBulletproof Security.45.7
Ait-ProBulletproof Security.45.8
Ait-ProBulletproof Security.45.9
Ait-ProBulletproof Security.46
Ait-ProBulletproof Security.46.1
Ait-ProBulletproof Security.46.2
Ait-ProBulletproof Security.46.3
Ait-ProBulletproof Security.46.4
Ait-ProBulletproof Security.46.5
Ait-ProBulletproof Security.46.6
Ait-ProBulletproof Security.46.7
Ait-ProBulletproof Security.46.8
Ait-ProBulletproof Security.46.9
Ait-ProBulletproof Security.47
Ait-ProBulletproof Security.47.1
Ait-ProBulletproof Security.47.2
Ait-ProBulletproof Security.47.3
Ait-ProBulletproof Security.47.4
Ait-ProBulletproof Security.47.5
Ait-ProBulletproof Security.47.6
Ait-ProBulletproof Security.47.7
Ait-ProBulletproof Security.47.8
Ait-ProBulletproof Security.47.9
Ait-ProBulletproof Security.48
Ait-ProBulletproof Security.48.1
Ait-ProBulletproof Security.48.2
Ait-ProBulletproof Security.48.3
Ait-ProBulletproof Security.48.4
Ait-ProBulletproof Security.48.5
Ait-ProBulletproof Security.48.6
Ait-ProBulletproof Security.48.7
Ait-ProBulletproof Security.48.8
Ait-ProBulletproof Security.48.9
Ait-ProBulletproof Security.49
Ait-ProBulletproof Security.49.1
Ait-ProBulletproof Security.49.2
Ait-ProBulletproof Security.49.3
Ait-ProBulletproof Security.49.4
Ait-ProBulletproof Security.49.5
Ait-ProBulletproof Security.49.6
Ait-ProBulletproof Security.49.7

Showing 50 of 63 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-7958?
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
How severe is CVE-2014-7958?
Severity scoring for CVE-2014-7958 is pending analysis. The EPSS model estimates a 2.51% probability of exploitation in the next 30 days.
How do I fix CVE-2014-7958?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-7958?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST