Description
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2576276/
Scores
CVSS v3
8.8
EPSS
0.0171
EPSS Percentile
74.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
billminozzi/stop_bad_bots
< 6.60
Published
Sep 13, 2021
Tracked Since
Feb 18, 2026