CVE-2022-0949

CVE-2022-0949: WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi

Vendor Unknown

Product Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

Weakness CWE-89 · SQLi

Published April 11, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection

Key dates

02Disclosure timeline

April 11, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0949

Related vulnerabilities

04Related CVE

CVE-2023-1785 SourceCodester Earnings and Expense Tracker App manage_user.php sql injection CVE-2025-10862 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' CVE-2025-0487 Fanli2012 native-php-cms cat_edit.php sql injection CVE-2025-13274 Campcodes School Fees Payment Management System ajax.php sql injection CVE-2026-0570 code-projects Online Music Site Feedback.php sql injection