CVE-2021-25070

CVE-2021-25070: WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi

Vendor Unknown

Product Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

Weakness CWE-89 · SQLi

Published March 28, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue

Key dates

02Disclosure timeline

March 28, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25070

Related vulnerabilities

04Related CVE

CVE-2025-8442 code-projects Online Medicine Guide cussignup.php sql injection CVE-2024-0956 WP ERP <= 1.13.0 - Authenticated (AccountingManager+) SQL Injection CVE-2024-3704 SQL Injection vulnerability in OpenGnsys CVE-2025-10623 SourceCodester Hotel Reservation System deleteuser.php sql injection CVE-2023-7123 SourceCodester Medicine Tracking System sql injection