Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ait-Pro | Bulletproof-Security | <= .48.9 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/95928
- http://osvdb.org/95929
- http://osvdb.org/95930
- http://secunia.com/advisories/53614Vendor Advisory
- http://wordpress.org/plugins/bulletproof-security/changelog
- http://www.securityfocus.com/bid/61583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
- http://osvdb.org/95928
- http://osvdb.org/95929
- http://osvdb.org/95930
- http://secunia.com/advisories/53614Vendor Advisory
- http://wordpress.org/plugins/bulletproof-security/changelog
- http://www.securityfocus.com/bid/61583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
FAQ
What is CVE-2013-3487?
CVE-2013-3487 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via un...
How severe is CVE-2013-3487?
CVE-2013-3487 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3487?
Check the references section above for vendor advisories and patch information. Affected products include: Ait-Pro Bulletproof-Security, Wordpress Wordpress.