製品・ソフトウェアに関する情報

JVN脆弱性詳細

WordPress 用 BulletProof Security プラグインの admin/htaccess/bpsunlock.php におけるクロスサイトスクリプティングの脆弱性

Title	WordPress 用 BulletProof Security プラグインの admin/htaccess/bpsunlock.php におけるクロスサイトスクリプティングの脆弱性
Summary	WordPress 用 BulletProof Security プラグインの admin/htaccess/bpsunlock.php には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、dbhost パラメータを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 5, 2014, midnight
Registration Date	Nov. 7, 2014, 3:27 p.m.
Last Update	Nov. 7, 2014, 3:27 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

AITpro

BulletProof Security .51.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-7958	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7958
National Vulnerability Database (NVD)
2	CVE-2014-7958	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7958

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
AITpro
1	Top Page	http://www.ait-pro.com/
WordPress Plugin Directory
2	BulletProof Security	https://wordpress.org/plugins/bulletproof-security/changelog/

その他

No	Name	URL
関連文書
1	Wordpress bulletproof-security <=.51 multiple vulnerabilities	http://www.securityfocus.com/archive/1/archive/1/533904/100/0/threaded

Change Log

No	Changed Details	Date of change
0	[2014年11月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-7958

Summary	Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
Publication Date	Nov. 7, 2014, 12:55 a.m.
Registration Date	Jan. 26, 2021, 3:19 p.m.
Last Update	Nov. 21, 2024, 11:18 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ait-pro:bulletproof_security:.50.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.44:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.51:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.44.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.3:::::wordpress::

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html	Exploit Third Party Advisory VDB Entry
3	http://www.securityfocus.com/archive/1/533904/100/0/threaded	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/archive/1/533904/100/0/threaded	Third Party Advisory VDB Entry
5	http://www.securityfocus.com/bid/70916	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/70916	Third Party Advisory VDB Entry
7	https://wordpress.org/plugins/bulletproof-security/changelog/	Patch Vendor Advisory
8	https://wordpress.org/plugins/bulletproof-security/changelog/	Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ait-pro:bulletproof_security:.50.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.44:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.51:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.44.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.45.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.48.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47.3:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.8:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.47:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.5:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.4:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.7:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.6:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.50:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.2:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.49.9:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.1:::::wordpress::
cpe:2.3:a:ait-pro:bulletproof_security:.46.3:::::wordpress::