Vulnerability Description
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to authenticated SQL injection.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Billminozzi | Stop Bad Bots | < 6.60 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2576276/ (Third Party Advisory)
- https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c (Exploit, Third Party Advisory)
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24727?
CVE-2021-24727 is a vulnerability with a CVSS score of 8.8 (HIGH). The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to authenticated SQL injection.
How severe is CVE-2021-24727?
CVE-2021-24727 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2021-24727?
Check the references section above for vendor advisories and patch information. Affected products include: Billminozzi Stop Bad Bots.