Description
The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to authenticated SQL injections.
References
https://plugins.trac.wordpress.org/changeset/2576276/
Third Party Advisory
https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c
Exploit, Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174
Exploit, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-13T18:15:18.947
Last modified
2021-09-23T15:05:42.620