WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi
CVE-2021-25070

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection
Vendor: CVE Published:; 28 March 2022

Summary

The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue

Affected Version(s)

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection 6.88

References

https://wpscan.com/vulnerability/e00b2946-15e5-4458-9b13-...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2022
Vulnerability Reserved
Jan 14, 2021

Credit

Krzysztof Zając