Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress Plugin Data Bypass Vulnerability

Vulnerability

A vulnerability exists in the Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress, affecting all versions up to and including 11.58. The 'stopbadbots_check_wordpress_logged_in_cookie' function decides whether a visitor is a logged-in user (and therefore exempt from the plugin's bot checks) without an adequate capability check, so unauthenticated attackers can bypass blocklists, rate limits, and other plugin features.

Impact

Exploitation is classified as unauthorized data access: a request that the plugin would otherwise block or throttle is treated as coming from a logged-in user and reaches the site unfiltered, so attackers can circumvent the blocklists, rate limits, and other bot-protection features the plugin imposes. No credentials are required.

Reproduction

The vulnerability can be reproduced by sending a request to a WordPress site with the affected plugin installed and including a cookie whose name begins with 'wordpress_logged_in_', the prefix WordPress uses for its logged-in session cookie. The check only tests for the presence of such a cookie and does not validate its value against WordPress's session handling, so a request carrying a cookie with that name and an arbitrary value is treated as a logged-in user and skips the plugin's blocklist and rate-limit checks. Sending the same request with and without the forged cookie from a client the plugin would normally block or throttle shows the difference.
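To make the failure pattern concrete, the following is an added illustration written for this page; it is not the plugin's source. It places a check that trusts the name of a cookie beside a check that defers to WordPress's own cookie validation and then requires an explicit capability. The function names, the capability chosen, and the sample cookie jars are assumptions made for the example; wp_validate_auth_cookie(), user_can() and LOGGED_IN_COOKIE are WordPress core.

```php
<?php
// Added illustration of the check pattern described in this advisory.
// Not the plugin's code; function names are hypothetical.

/**
 * Vulnerable pattern: the visitor is treated as logged in as soon as any
 * cookie whose name starts with "wordpress_logged_in_" is present. The cookie
 * value is never validated, so a client can send
 * "wordpress_logged_in_x=anything" and skip every blocklist and rate-limit
 * check that is gated on this result.
 */
function insecure_logged_in_check(array $cookies): bool
{
    foreach (array_keys($cookies) as $name) {
        if (strpos($name, 'wordpress_logged_in_') === 0) {
            return true;
        }
    }
    return false;
}

/**
 * Hardened version: WordPress verifies the cookie (an HMAC over the user
 * login, expiry and session token, checked against the user's stored
 * sessions), and the request is exempted only if that user holds a specific
 * capability. Only callable inside WordPress.
 */
function secure_logged_in_check(): bool
{
    if (!defined('LOGGED_IN_COOKIE') || empty($_COOKIE[LOGGED_IN_COOKIE])) {
        return false;
    }

    // Returns the user ID for a valid, unexpired cookie, or false otherwise.
    $user_id = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in');
    if ($user_id === false) {
        return false;
    }

    // Exempt only users who can administer the site, not any valid session.
    // 'manage_options' is an assumption for the example; pick the capability
    // that actually matches who should be exempt from bot checks.
    return user_can($user_id, 'manage_options');
}

// Stand-alone demonstration of the insecure check (no WordPress needed).
// Both cookie jars are constructed for the example.
$forged   = ['wordpress_logged_in_deadbeef' => 'anything'];
$ordinary = ['PHPSESSID' => 'abc123'];

printf(
    "forged cookie jar exempted from bot checks: %s\n",
    insecure_logged_in_check($forged) ? 'yes' : 'no'
);
printf(
    "ordinary cookie jar exempted from bot checks: %s\n",
    insecure_logged_in_check($ordinary) ? 'yes' : 'no'
);
```

Run the file with the PHP CLI to see the insecure check exempt the forged jar; the hardened function cannot be exercised outside WordPress, which is the point: the decision about who is logged in belongs to core's cookie validation, not to a string-prefix test on cookie names.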

Remediation

Users are advised to update the plugin to version 11.59 or later.

Added: Aug 28, 2025, 12:55 PM
Updated: Aug 28, 2025, 12:55 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 1.3
exploitability: 8.6
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.