CVE-2021-24727

HIGH

StopBadBots WP <6.60 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2576276/

Scores

CVSS v3 8.8
EPSS 0.0171
EPSS Percentile 74.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
billminozzi/stop_bad_bots < 6.60
Published Sep 13, 2021
Tracked Since Feb 18, 2026