ThreatPress

WordPress Vulnerabilities Database

WordPress BulletProof Security Plugin <= .51 - SQL Injection

Product: BulletProof Security
Description: This vulnerability is in admin/htaccess/bpsunlock.php. It allows remote authenticated users to execute arbitrary SQL commands via the "tableprefix" parameter.
Solution: Update the plugin.
Classification
Type: SQL Injection
References
CVE Mitre
CVE
Name: CVE-2014-7959
Versions
Affected In: <= .51
Fixed In: .51.1
Disclosure date: 2014-10-07
Credits: Pietro Oliva