CVE-2024-4355
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.24 - Missing Authorization to Information Expsoure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data.
El complemento Block Bad Bots y Stop Bad Bots Crawlers and Spiders y Anti Spam Protection para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función stopbadbots_get_ajax_data() en todas las versiones hasta la 10.24 incluida. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, expongan los datos de los visitantes.
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.23. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-30 CVE Reserved
- 2024-05-29 CVE Published
- 2024-08-01 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://wordpress.org/plugins/stopbadbots | ||
https://www.wordfence.com/threat-intel/vulnerabilities/id/c77d94ae-528d-4525-b16d-96529bee08c0?source=cve |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sminozzi Search vendor "Sminozzi" | Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection Search vendor "Sminozzi" for product "Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection" | <= 10.24 Search vendor "Sminozzi" for product "Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection" and version " <= 10.24" | en |
Affected
|