CVE-2021-24727

Опубликовано: 13 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections

Ссылки

https://plugins.trac.wordpress.org/changeset/2576276/
Third Party Advisory
https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
Exploit
Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2576276/
Third Party Advisory
https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
Exploit
Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:billminozzi:stop_bad_bots:*:*:*:*:*:wordpress:*:*

Версия до 6.60 (исключая)

EPSS

Процентиль: 78%

0.0115

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-68gc-6j2c-jr3m