CVE-2021-24727

high

Description

The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameters in some of its admin dashboard pages, leading to authenticated SQL injections.

References

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29174

https://wpscan.com/vulnerability/ffa1f718-f2c5-48ef-8eea-33a18a628a2c

https://plugins.trac.wordpress.org/changeset/2576276/

Details

Source: Mitre, NVD

Published: 2021-09-13

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00631