Search criteria
6 vulnerabilities found for Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection by Unknown
CVE-2022-3883 (GCVE-0-2022-3883)
Vulnerability from cvelistv5 – Published: 2022-12-12 17:54 – Updated: 2025-04-22 15:12
VLAI?
Title
StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation
Summary
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
0 , < 7.24
(custom)
|
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8695b157-abac-4aa6-a022-e3ae41c03544"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:12:24.637309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:12:48.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T17:54:36.736Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/8695b157-abac-4aa6-a022-e3ae41c03544"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "StopBadBots \u003c 7.24 - Subscriber+ Arbitrary Plugin Installation",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3883",
"datePublished": "2022-12-12T17:54:36.736Z",
"dateReserved": "2022-11-07T16:30:25.254Z",
"dateUpdated": "2025-04-22T15:12:48.359Z",
"requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0949 (GCVE-0-2022-0949)
Vulnerability from cvelistv5 – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
VLAI?
Title
WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi
Summary
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
6.930 , < 6.930
(custom)
|
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.930",
"status": "affected",
"version": "6.930",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T14:40:59",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0949",
"STATE": "PUBLIC",
"TITLE": "WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.930",
"version_value": "6.930"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0949",
"datePublished": "2022-04-11T14:40:59",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25070 (GCVE-0-2021-25070)
Vulnerability from cvelistv5 – Published: 2022-03-28 17:22 – Updated: 2024-08-03 19:56
VLAI?
Title
WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi
Summary
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
6.88 , < 6.88
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.88",
"status": "affected",
"version": "6.88",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T17:22:08",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Block and Stop Bad Bots \u003c 6.88 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25070",
"STATE": "PUBLIC",
"TITLE": "WP Block and Stop Bad Bots \u003c 6.88 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.88",
"version_value": "6.88"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25070",
"datePublished": "2022-03-28T17:22:09",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:09.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3883 (GCVE-0-2022-3883)
Vulnerability from nvd – Published: 2022-12-12 17:54 – Updated: 2025-04-22 15:12
VLAI?
Title
StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation
Summary
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
0 , < 7.24
(custom)
|
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8695b157-abac-4aa6-a022-e3ae41c03544"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:12:24.637309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:12:48.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T17:54:36.736Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/8695b157-abac-4aa6-a022-e3ae41c03544"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "StopBadBots \u003c 7.24 - Subscriber+ Arbitrary Plugin Installation",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3883",
"datePublished": "2022-12-12T17:54:36.736Z",
"dateReserved": "2022-11-07T16:30:25.254Z",
"dateUpdated": "2025-04-22T15:12:48.359Z",
"requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0949 (GCVE-0-2022-0949)
Vulnerability from nvd – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
VLAI?
Title
WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi
Summary
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
6.930 , < 6.930
(custom)
|
Credits
cydave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.930",
"status": "affected",
"version": "6.930",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cydave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T14:40:59",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0949",
"STATE": "PUBLIC",
"TITLE": "WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.930",
"version_value": "6.930"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0949",
"datePublished": "2022-04-11T14:40:59",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25070 (GCVE-0-2021-25070)
Vulnerability from nvd – Published: 2022-03-28 17:22 – Updated: 2024-08-03 19:56
VLAI?
Title
WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi
Summary
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection |
Affected:
6.88 , < 6.88
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.88",
"status": "affected",
"version": "6.88",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T17:22:08",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Block and Stop Bad Bots \u003c 6.88 - Unauthenticated SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25070",
"STATE": "PUBLIC",
"TITLE": "WP Block and Stop Bad Bots \u003c 6.88 - Unauthenticated SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.88",
"version_value": "6.88"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-2e272630a36f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25070",
"datePublished": "2022-03-28T17:22:09",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:09.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}