PT-2017-7558 · WordPress · Bulletproof Security
Sathish
·
Publicado
2017-09-12
·
Atualizado
2020-11-10
·
CVE-2015-9230
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BulletProof Security plugin versions prior to .52.5
Description
The issue allows for XSS to be possible for remote authenticated administrators via the
DBTablePrefix parameter in the admin/db-backup-security/db-backup-security.php page.Recommendations
For versions prior to .52.5, update to version .52.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/db-backup-security/db-backup-security.php page to minimize the risk of exploitation. Avoid using the
DBTablePrefix parameter in the affected page until the issue is resolved.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bulletproof Security