🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

Information

Software Type	Plugin
Software Slug	stopbadbots (view on wordpress.org)
Software Status	Active
Software Author	sminozzi
Software Website	stopbadbots.com
Software Downloads	1,270,460
Software Active Installs	8,000
Software Record Last Updated	April 20, 2024

8 Vulnerabilities

StopBadBots <= 7.31 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-32496

May 9, 2023

Researcher: Taihei Shimamine

StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation

6.5

CVE-2022-3883

Nov 18, 2022

Researcher: István Márton

WP Block and Stop Bad Bots <= 6.92 - SQL Injection

9.8

CVE-2022-0949

Mar 16, 2022

Researcher: cydave

WP Block and Stop Bad Bots <= 6.88 - SQL Injection

9.8

CVE-2021-25070

Mar 8, 2022

Researcher: Krzysztof Zając

WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection

9.8

CVE-2021-24863

Nov 15, 2021

Researcher: ZhongFu Su

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 6.6.7 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 25, 2021

Researcher: WPScanTeam

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 6.61 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 25, 2021

Researchers:

WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.60 - Authenticated SQL Injection

8.8

CVE-2021-24727

Aug 6, 2021

Researcher: Martin Vierula

Title	CVE ID	CVSS	Researchers	Date
StopBadBots <= 7.31 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-32496	4.4	Taihei Shimamine	May 9, 2023
StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation	CVE-2022-3883	6.5	István Márton	November 18, 2022
WP Block and Stop Bad Bots <= 6.92 - SQL Injection	CVE-2022-0949	9.8	cydave	March 16, 2022
WP Block and Stop Bad Bots <= 6.88 - SQL Injection	CVE-2021-25070	9.8	Krzysztof Zając	March 8, 2022
WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection	CVE-2021-24863	9.8	ZhongFu Su	November 15, 2021
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 6.6.7 - Reflected Cross-Site Scripting		6.1	WPScanTeam	August 25, 2021
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 6.61 - Reflected Cross-Site Scripting		6.1		August 25, 2021
WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.60 - Authenticated SQL Injection	CVE-2021-24727	8.8	Martin Vierula	August 6, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation