CVE-2021-24727 - Unspecified vulnerability in Stopbadbots Block and Stop BAD Bots
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to authenticated SQL injections.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/changeset/2576276/
- https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174