SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Conclusion & alert: CVE-2014-7959 is rated High Exploit Risk (67.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.92%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-06-06 | 0.97% | 0.92% | -0.04% |
| 2 | 2025-04-04 | 0.92% | 0.97% | +0.04% |
| 3 | 2025-03-30 | — | 0.92% | — |
Full EPSS history (12 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 2.0 | MEDIUM |
|
8.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ait-pro | bulletproof_security | .44 | cpe:2.3:a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .44.1 | cpe:2.3:a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45 | cpe:2.3:a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.1 | cpe:2.3:a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.2 | cpe:2.3:a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.3 | cpe:2.3:a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.4 | cpe:2.3:a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.5 | cpe:2.3:a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.6 | cpe:2.3:a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.7 | cpe:2.3:a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.8 | cpe:2.3:a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .45.9 | cpe:2.3:a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46 | cpe:2.3:a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.1 | cpe:2.3:a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.2 | cpe:2.3:a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.3 | cpe:2.3:a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.4 | cpe:2.3:a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.5 | cpe:2.3:a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.6 | cpe:2.3:a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.7 | cpe:2.3:a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.8 | cpe:2.3:a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .46.9 | cpe:2.3:a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47 | cpe:2.3:a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.1 | cpe:2.3:a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.2 | cpe:2.3:a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.3 | cpe:2.3:a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.4 | cpe:2.3:a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.5 | cpe:2.3:a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.6 | cpe:2.3:a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.7 | cpe:2.3:a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.8 | cpe:2.3:a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .47.9 | cpe:2.3:a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48 | cpe:2.3:a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.1 | cpe:2.3:a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.2 | cpe:2.3:a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.3 | cpe:2.3:a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.4 | cpe:2.3:a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.5 | cpe:2.3:a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.6 | cpe:2.3:a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.7 | cpe:2.3:a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.8 | cpe:2.3:a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .48.9 | cpe:2.3:a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49 | cpe:2.3:a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.1 | cpe:2.3:a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.2 | cpe:2.3:a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.3 | cpe:2.3:a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.4 | cpe:2.3:a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.5 | cpe:2.3:a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.6 | cpe:2.3:a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.7 | cpe:2.3:a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.8 | cpe:2.3:a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .49.9 | cpe:2.3:a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50 | cpe:2.3:a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.1 | cpe:2.3:a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.2 | cpe:2.3:a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.3 | cpe:2.3:a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.4 | cpe:2.3:a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.5 | cpe:2.3:a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.6 | cpe:2.3:a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.7 | cpe:2.3:a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.8 | cpe:2.3:a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .50.9 | cpe:2.3:a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:* |
| ait-pro | bulletproof_security | .51 | cpe:2.3:a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:* |
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html | Exploit Third Party Advisory VDB Entry |
| http://www.securityfocus.com/archive/1/533904/100/0/threaded | Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/70918 | Third Party Advisory VDB Entry |
| https://wordpress.org/plugins/bulletproof-security/changelog/ | Patch Vendor Advisory |