Search
Find a vulnerability
Search criteria
5 vulnerabilities by stopbadbots
CVE-2023-32496 (GCVE-0-2023-32496)
Vulnerability from cvelistv5 – Published: 2023-08-23 13:35 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)
Summary
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/sto… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bill Minozzi | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
n/a , ≤ 7.31
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/stopbadbots/wordpress-block-bad-bots-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-plugin-7-31-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:31:38.221752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:37:51.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "stopbadbots",
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Bill Minozzi",
"versions": [
{
"changes": [
{
"at": "7.32",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.31",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Taihei Shimamine (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a07.31 versions.\u003c/span\u003e"
}
],
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin \u003c=\u00a07.31 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:22.681Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/stopbadbots/wordpress-block-bad-bots-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-plugin-7-31-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a07.32 or a higher version."
}
],
"value": "Update to\u00a07.32 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress StopBadBots Plugin \u003c= 7.31 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-32496",
"datePublished": "2023-08-23T13:35:09.170Z",
"dateReserved": "2023-05-09T07:39:38.341Z",
"dateUpdated": "2026-04-28T16:08:22.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0949 (GCVE-0-2022-0949)
Vulnerability from cvelistv5 – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
VLAI
Title
WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi
Summary
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a0fbb79a-e160-49… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
6.930 , < 6.930
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.930",
"status": "affected",
"version": "6.930",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T14:40:59.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0949",
"STATE": "PUBLIC",
"TITLE": "WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.930",
"version_value": "6.930"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0949",
"datePublished": "2022-04-11T14:40:59.000Z",
"dateReserved": "2022-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:42.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25070 (GCVE-0-2021-25070)
Vulnerability from cvelistv5 – Published: 2022-03-28 17:22 – Updated: 2024-08-03 19:56
VLAI
Title
WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi
Summary
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e00b2946-15e5-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
6.88 , < 6.88
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.88",
"status": "affected",
"version": "6.88",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T17:22:08.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Block and Stop Bad Bots \u003c 6.88 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25070",
"STATE": "PUBLIC",
"TITLE": "WP Block and Stop Bad Bots \u003c 6.88 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.88",
"version_value": "6.88"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25070",
"datePublished": "2022-03-28T17:22:09.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:09.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24863 (GCVE-0-2021-24863)
Vulnerability from cvelistv5 – Published: 2021-12-13 10:41 – Updated: 2024-08-03 19:49
VLAI
Title
StopBadBots < 6.67 - Unauthenticated SQL Injection
Summary
The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/1e4dd002-6c96-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots |
Affected:
6.67 , < 6.67
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.67",
"status": "affected",
"version": "6.67",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T10:41:14.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "StopBadBots \u003c 6.67 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24863",
"STATE": "PUBLIC",
"TITLE": "StopBadBots \u003c 6.67 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.67",
"version_value": "6.67"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24863",
"datePublished": "2021-12-13T10:41:14.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24727 (GCVE-0-2021-24727)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
VLAI
Title
Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
Summary
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.trustwave.com/en-us/resources/securit… | x_refsource_MISC |
| https://wpscan.com/vulnerability/ffa1f718-f2c5-48… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2576276/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots |
Affected:
6.60 , < 6.60
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.60",
"status": "affected",
"version": "6.60",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:42.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Block and Stop Bad Bots \u003c 6.60 - Authenticated SQL Injections",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24727",
"STATE": "PUBLIC",
"TITLE": "Block and Stop Bad Bots \u003c 6.60 - Authenticated SQL Injections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.60",
"version_value": "6.60"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"name": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2576276/",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24727",
"datePublished": "2021-09-13T17:56:42.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}