Because of this server side request forgery vulnerability in admin/htaccess/bpsunlock.php, the attackers can trigger outbound requests that authenticate to arbitrary databases via the “dbhost” parameter.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
bulletproof security | le | .51 |