CVE-2021-24863

CVE-2021-24863: StopBadBots < 6.67 - Unauthenticated SQL Injection

Vendor Unknown

Product WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots

Weakness CWE-89 · SQLi

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24863

Related vulnerabilities

04Related CVE

CVE-2023-7176 Campcodes Online College Library System HTTP POST Request return_add.php sql injection CVE-2019-25432 Part-DB 0.4 Authentication Bypass via login.php CVE-2025-7508 code-projects Modern Bag product-update.php sql injection CVE-2024-47334 WordPress Zoho Flow for WordPress plugin <= 2.7.1 - SQL Injection vulnerability CVE-2026-23921 Blind, read-only SQL injection in Zabbix API via sortfield parameter