ByteOS Network

NVD Vulnerability Details :

CVE-2014-8749

Modified

Source-cve@mitre.org

Published At-01 Dec, 2014 | 15:59

Updated At-06 May, 2026 | 22:30

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

ait-pro>>bulletproof_security>>Versions up to .51(inclusive)

cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

Evaluator Description

CWE-918: Server-Side Request Forgery (SSRF)

References

Hyperlink	Source	Resource
http://seclists.org/fulldisclosure/2014/Nov/13	cve@mitre.org	N/A
https://wordpress.org/plugins/bulletproof-security/changelog/	cve@mitre.org	Patch Vendor Advisory
http://seclists.org/fulldisclosure/2014/Nov/13	af854a3a-2127-422b-91ae-364da2661108	N/A
https://wordpress.org/plugins/bulletproof-security/changelog/	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2014/Nov/13

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://wordpress.org/plugins/bulletproof-security/changelog/

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2014/Nov/13

Source: af854a3a-2127-422b-91ae-364da2661108