CVE-2021-24727
N/A
N/A
Summary
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots | 6.60 < 6.60 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174
- https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
- https://plugins.trac.wordpress.org/changeset/2576276/
References
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174
- https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
- https://plugins.trac.wordpress.org/changeset/2576276/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.