CVE-2021-24863

CRITICAL

StopBadBots WordPress Plugin < 6.67 - SQL Injection via User Agent Parameter

Title source: llm
STIX 2.1

Description

The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae

Scores

CVSS v3 9.8
EPSS 0.0158
EPSS Percentile 72.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
billminozzi/stop_bad_bots < 6.67
Published Dec 13, 2021
Tracked Since Feb 18, 2026