Search criteria
4 vulnerabilities found for WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots by Unknown
CVE-2021-24863 (GCVE-0-2021-24863)
Vulnerability from cvelistv5 – Published: 2021-12-13 10:41 – Updated: 2024-08-03 19:49
VLAI?
Title
StopBadBots < 6.67 - Unauthenticated SQL Injection
Summary
The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots |
Affected:
6.67 , < 6.67
(custom)
|
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.67",
"status": "affected",
"version": "6.67",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T10:41:14",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "StopBadBots \u003c 6.67 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24863",
"STATE": "PUBLIC",
"TITLE": "StopBadBots \u003c 6.67 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.67",
"version_value": "6.67"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24863",
"datePublished": "2021-12-13T10:41:14",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24727 (GCVE-0-2021-24727)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
VLAI?
Title
Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
Summary
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots |
Affected:
6.60 , < 6.60
(custom)
|
Credits
Martin Vierula of Trustwave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.60",
"status": "affected",
"version": "6.60",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Block and Stop Bad Bots \u003c 6.60 - Authenticated SQL Injections",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24727",
"STATE": "PUBLIC",
"TITLE": "Block and Stop Bad Bots \u003c 6.60 - Authenticated SQL Injections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.60",
"version_value": "6.60"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"name": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2576276/",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24727",
"datePublished": "2021-09-13T17:56:42",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24863 (GCVE-0-2021-24863)
Vulnerability from nvd – Published: 2021-12-13 10:41 – Updated: 2024-08-03 19:49
VLAI?
Title
StopBadBots < 6.67 - Unauthenticated SQL Injection
Summary
The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots |
Affected:
6.67 , < 6.67
(custom)
|
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.67",
"status": "affected",
"version": "6.67",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T10:41:14",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "StopBadBots \u003c 6.67 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24863",
"STATE": "PUBLIC",
"TITLE": "StopBadBots \u003c 6.67 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.67",
"version_value": "6.67"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24863",
"datePublished": "2021-12-13T10:41:14",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24727 (GCVE-0-2021-24727)
Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
VLAI?
Title
Block and Stop Bad Bots < 6.60 - Authenticated SQL Injections
Summary
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots |
Affected:
6.60 , < 6.60
(custom)
|
Credits
Martin Vierula of Trustwave
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.60",
"status": "affected",
"version": "6.60",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:42",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Block and Stop Bad Bots \u003c 6.60 - Authenticated SQL Injections",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24727",
"STATE": "PUBLIC",
"TITLE": "Block and Stop Bad Bots \u003c 6.60 - Authenticated SQL Injections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.60",
"version_value": "6.60"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174"
},
{
"name": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2576276/",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2576276/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24727",
"datePublished": "2021-09-13T17:56:42",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}