Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.
Conclusion & alert: CVE-2014-7958 is rated High Exploit Risk (63/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.51%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.88% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.62% | 2.51% | +1.88% |
| 2 | 2025-03-30 | 7.04% | 0.62% | -6.42% |
| 3 | 2025-03-29 | — | 7.04% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ait-pro | bulletproof_security | .44 | cpe:2.3:a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .44.1 | cpe:2.3:a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45 | cpe:2.3:a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.1 | cpe:2.3:a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.2 | cpe:2.3:a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.3 | cpe:2.3:a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.4 | cpe:2.3:a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.5 | cpe:2.3:a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.6 | cpe:2.3:a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.7 | cpe:2.3:a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.8 | cpe:2.3:a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.9 | cpe:2.3:a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46 | cpe:2.3:a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.1 | cpe:2.3:a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.2 | cpe:2.3:a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.3 | cpe:2.3:a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.4 | cpe:2.3:a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.5 | cpe:2.3:a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.6 | cpe:2.3:a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.7 | cpe:2.3:a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.8 | cpe:2.3:a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.9 | cpe:2.3:a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47 | cpe:2.3:a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.1 | cpe:2.3:a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.2 | cpe:2.3:a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.3 | cpe:2.3:a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.4 | cpe:2.3:a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.5 | cpe:2.3:a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.6 | cpe:2.3:a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.7 | cpe:2.3:a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.8 | cpe:2.3:a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.9 | cpe:2.3:a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48 | cpe:2.3:a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.1 | cpe:2.3:a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.2 | cpe:2.3:a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.3 | cpe:2.3:a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.4 | cpe:2.3:a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.5 | cpe:2.3:a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.6 | cpe:2.3:a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.7 | cpe:2.3:a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.8 | cpe:2.3:a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.9 | cpe:2.3:a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49 | cpe:2.3:a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.1 | cpe:2.3:a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.2 | cpe:2.3:a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.3 | cpe:2.3:a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.4 | cpe:2.3:a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.5 | cpe:2.3:a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.6 | cpe:2.3:a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.7 | cpe:2.3:a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.8 | cpe:2.3:a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.9 | cpe:2.3:a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50 | cpe:2.3:a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.1 | cpe:2.3:a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.2 | cpe:2.3:a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.3 | cpe:2.3:a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.4 | cpe:2.3:a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.5 | cpe:2.3:a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.6 | cpe:2.3:a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.7 | cpe:2.3:a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.8 | cpe:2.3:a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.9 | cpe:2.3:a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .51 | cpe:2.3:a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:* |
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html | Exploit Third Party Advisory VDB Entry |
| http://www.securityfocus.com/archive/1/533904/100/0/threaded | Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/70916 | Third Party Advisory VDB Entry |
| https://wordpress.org/plugins/bulletproof-security/changelog/ | Patch Vendor Advisory |