📄 BulletProof Security 0.53.3 Cross Site Scripting_PACKETSTORM:214772

Description

Multiple cross site scripting vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3. This issue is older research added to the archive...

Visit Original Source

Basic Information

ID PACKETSTORM:214772

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions BulletProof Security 0.53.3 - Multiple Cross-site Scripting
Advisory ID: RO-16-007
Severity: Medium
Vendor: AITpro
Product: BulletProof Security
Version: 0.53.3

Overview #

Multiple Cross-site Scripting (XSS) vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3.

Vulnerability Details #

Affected Versions: 0.53.3 and earlier

Root Cause: Insufficient input validation in security log page.
Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php

Vulnerable Parameter (POST): user-agent-ignore

Attack Pattern:

'"--></style></scRipt><scRipt>alert(0x001E32)</scRipt>

Exploitation Requirements #

Admin authentication required
Victim must interact with the malicious element

Impact #

Remote attackers can exploit these vulnerabilities to:

Steal admin session cookies
Perform administrative actions
Bypass security logging features

Solution #

Update to the latest version. See BPS Changelog.

References #

Invicti Advisory NS-16-003

Timeline:

[2016-03-15] - First Contact
[2016-03-23] - Vendor Fixed
[2016-05-09] - Advisory Released

Credits: Omar Kurt

{
    "lastseen": "2026-02-02T18:37:54",
    "description": "Multiple cross site scripting vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3. This issue is older research added to the archive...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 BulletProof Security 0.53.3 Cross Site Scripting",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214772",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "BulletProof Security 0.53.3 - Multiple Cross-site Scripting\n    Advisory ID: RO-16-007\n    Severity: Medium\n    Vendor: AITpro\n    Product: BulletProof Security\n    Version: 0.53.3\n    \n    \n    Overview #\n    \n    Multiple Cross-site Scripting (XSS) vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3.\n    \n    \n    Vulnerability Details #\n    \n    Affected Versions: 0.53.3 and earlier\n    \n    Root Cause: Insufficient input validation in security log page.\n    Technical Details #\n    \n    Vulnerable URL: /wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php\n    \n    Vulnerable Parameter (POST): user-agent-ignore\n    \n    Attack Pattern:\n    \n    '\"--></style></scRipt><scRipt>alert(0x001E32)</scRipt>\n    \n    \n    \n    Exploitation Requirements #\n    \n        Admin authentication required\n        Victim must interact with the malicious element\n    \n    Impact #\n    \n    Remote attackers can exploit these vulnerabilities to:\n    \n        Steal admin session cookies\n        Perform administrative actions\n        Bypass security logging features\n    \n    \n    \n    Solution #\n    \n    Update to the latest version. See BPS Changelog.\n    \n    \n    References #\n    \n        Invicti Advisory NS-16-003\n    \n    Timeline:\n    \n        [2016-03-15] - First Contact\n        [2016-03-23] - Vendor Fixed\n        [2016-05-09] - Advisory Released\n    \n    Credits: Omar Kurt",
    "sourceHref": "https://packetstorm.news/download/214772",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214772/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply