CVE-2022-0949
Published: 2022-04-11
Priority: P2 · 72 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.87% (94.0th percentile)
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stopbadbots | block_and_stop_bad_bots | < 6.930 | 6.930 |
Detection & IOCs (extracted from sources)
- The SQLi is triggered via an unauthenticated POST request to wp-admin/admin-ajax.php with the action parameter set to 'stopbadbots_grava_fingerprint' and a malicious 'fingerprint' parameter value. Monitor for SQL metacharacters in the fingerprint field from unauthenticated sessions.
- The nuclei template detection checks for an HTTP 200 response and the presence of 'commentform' in the response body as a positive indicator of a vulnerable target.
- Affected plugin versions are strictly below 6.930. Any WordPress installation running the 'Block Bad Bots and Stop Bad Bots' plugin at version <= 6.929 should be treated as vulnerable.
- The exploit is available to unauthenticated users, meaning no WordPress account or session cookie is required to trigger the SQL injection — WAF rules should apply to all traffic, not just authenticated sessions.
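A small request-log check that applies the monitoring advice above, as an added example that is not part of this record or of the plugin: it looks for the vulnerable AJAX action and SQL metacharacters in the decoded fingerprint value, and flags the request whether or not a WordPress session is present. The record tuples and their values are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample records: (method, path, has_wp_session_cookie, raw POST body).
SAMPLE_REQUESTS = [
    ("POST", "/wp-admin/admin-ajax.php", False,
     "action=stopbadbots_grava_fingerprint&fingerprint=3f2a9c1e7b"),
    ("POST", "/wp-admin/admin-ajax.php", False,
     "action=stopbadbots_grava_fingerprint&fingerprint=3f2a9c1e7b%27"),
    ("POST", "/wp-admin/admin-ajax.php", True,
     "action=stopbadbots_grava_fingerprint&fingerprint=abc%22%3B--"),
    ("POST", "/wp-admin/admin-ajax.php", True, "action=heartbeat&data=%7B%7D"),
    ("POST", "/wp-login.php", False, "log=admin&pwd=x%27"),
]

VULN_ACTION = "stopbadbots_grava_fingerprint"
# Quote, comment and terminator characters that have no place in a client fingerprint value.
SQL_META = re.compile(r"""['"`;\\]|--|/\*|\*/|#""")

def inspect_request(method, path, has_session, body):
    """Return a finding dict for a suspicious fingerprint request, else None."""
    if method != "POST" or not path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    if params.get("action", [""])[0] != VULN_ACTION:
        return None
    fingerprint = params.get("fingerprint", [""])[0]
    match = SQL_META.search(fingerprint)
    if match is None:
        return None
    return {
        "rule": "CVE-2022-0949 fingerprint SQLi attempt",
        "metachar": match.group(0),
        "fingerprint": fingerprint,
        # The action is reachable without a session, so the request is flagged
        # either way; the flag only tells the analyst which case it was.
        "unauthenticated": not has_session,
    }

def scan(records):
    """Run inspect_request over every record and keep the findings."""
    return [f for f in (inspect_request(*r) for r in records) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```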
CVSS provenance
- NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
No detection rules found.
Nuclei template: WordPress Stop Bad Bots <6.930 - SQL Injection (nuclei · CVSS 9.8)

Surviving fragment of the template as shown on the page:

```yaml
# CVE-2022-0949 [CRITICAL] WordPress Stop Bad Bots <6.930 - SQL Injection
# WordPress Stop Bad Bots =6'
      - 'status_code_2 == 200'
      - 'contains(body_3, "commentform")'
    condition: and
# digest: 4b0a00483046022100941ca2a20fb984b9ecef1670bea4274bdbe41a86f013d050ff7a79484ac1a444022100eed30b0870c55ec003a2b61e695903577ab24539fe42e7994dbb8a36764440c5:922c64590222798bb761d5b6d8e72950
```