35 matches found

Nuclei
added 16 hours ago, 27 views

WordPress Stop Bad Bots <6.930 - SQL Injection

WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users. An attacker can...

CVSS 9.8, AI score 7.4, EPSS 0.62454
Exploits: 2, References: 5

Positive Technologies
added 2026/05/01 12:0 a.m., 7 views

PT-2026-36320

If you're running any of these 20 plugins, you need to deactivate and delete them immediately. Critical vulnerabilities were disclosed today and the authors have either abandoned the projects or just flat-out refused to patch them. Create DB Tables – CVE-2026-4119; FunnelFormsPro – CVE-2026-39440...

CVSS 9.9, AI score 5.8, EPSS 0.0003
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-11775

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00546
Exploits: 2, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-11639

Malware in sbrugna...

CVSS 8.8, AI score 8.5, EPSS 0.01111
Exploits: 2, References: 4

RedhatCVE
added 2025/08/30 6:19 p.m., 1 view

CVE-2025-9376

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbotscheckwordpressloggedincookie' function in all versions up to, and including, 11.58. This...

CVSS 6.5, AI score 5.7, EPSS 0.00185
Exploits: 0, References: 1

Patchstack
added 2025/08/28 12:17 a.m., 4 views

WordPress StopBadBots plugin <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass vulnerability

Insufficient Authorization to Unauthenticated Blocklist Bypass vulnerability discovered by Jarno Vos (jarnovos) in WordPress Plugin StopBadBots versions <= 11.58...

CVSS 6.5, AI score 6.8, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/22 7:23 p.m., 2 views

CVE-2021-24863

The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection...

CVSS 9.8, AI score 7.4, EPSS 0.00546
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 6:29 p.m., 6 views

CVE-2021-24727

The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to Authenticated SQL Injections...

CVSS 8.8, AI score 7.3, EPSS 0.01111
Exploits: 2, References: 1

Patchstack
added 2024/05/30 12:1 a.m., 1 view

WordPress StopBadBots plugin <= 10.23 - Missing Authorization to Information Exposure vulnerability

Missing Authorization to Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin StopBadBots versions <= 10.23...

CVSS 4.3, AI score 6.9, EPSS 0.00378
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/30 12:0 a.m., 7 views

WordPress StopBadBots Plugin <= 10.23 is vulnerable to Broken Access Control

Software: StopBadBots; Type: Plugin; Vulnerable versions: <= 10.23; Fixed in: 10.24; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4355; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: c1d3c12009e3; Credits: Krzysztof Zając; Required privilege...

CVSS 4.3, AI score 6.6, EPSS 0.00378
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2024/05/30 12:0 a.m., 0 views

WordPress plugin stopbadbots security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3, AI score 6.2, EPSS 0.00378
Exploits: 0, References: 3

Cvelist
added 2023/08/23 1:35 p.m., 16 views

CVE-2023-32496 WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions...

CVSS 5.9, AI score 5.5, EPSS 0.00067
Exploits: 0, References: 1

Vulnrichment
added 2023/08/23 1:35 p.m., 10 views

CVE-2023-32496 WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions...

CVSS 5.9, AI score 5.6, EPSS 0.00067
Exploits: 0, References: 1

CNNVD
added 2023/08/23 12:0 a.m., 1 view

WordPress Plugin StopBadBots cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.9, AI score 6.3, EPSS 0.00067
Exploits: 0, References: 2

Patchstack
added 2023/05/09 12:0 a.m., 9 views

WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)

Software: StopBadBots; Type: Plugin; Vulnerable versions: <= 7.31; Fixed in: 7.32; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32496; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 3406dc788439; Credits: Taihei Shimamine; Required...

CVSS 5.9, AI score 5.8, EPSS 0.00067
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/12/12 5:54 p.m., 18 views

CVE-2022-3883 StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress....

AI score 6.6, EPSS 0.00135
Exploits: 2, References: 1

CNNVD
added 2022/12/12 12:0 a.m., 3 views

WordPress plugin StopBadBots security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.5, AI score 6.3, EPSS 0.00135
Exploits: 2, References: 2

WPVulnDB
added 2022/11/21 12:0 a.m., 22 views

StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org. PoC: Run the below command in the developer console of the web browser while being on the blog as ...

CVSS 6.5, AI score 3.3, EPSS 0.00135
Exploits: 2, Affected Software: 1

Patchstack
added 2022/11/21 12:0 a.m., 16 views

WordPress StopBadBots plugin <= 7.23 - Auth. Arbitrary Plugin Installation vulnerability

Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress StopBadBots plugin versions <= 7.23. Solution: Update the WordPress StopBadBots plugin to the latest available version (at least 7.24)...

AI score 3.6, EPSS 0.00135
Exploits: 2, References: 1, Affected Software: 1

wpexploit
added 2022/11/21 12:0 a.m., 155 views

StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation

The plugin does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org. Run the below command in the developer console of the web browser while being on the blog as a...

CVSS 6.5, AI score 1.2, EPSS 0.00135
Exploits: 2