GCVE - cpe:2.3:a:sminozzi:block_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam

Approved changes feed: RSS · Atom

cpe:2.3:a:sminozzi:block_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam_protection:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sminozzi (`4a7d4e7d-d5d8-5a88-8f39-2f62168fb260`)
Product	Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection (`bb758c63-e2b2-50e0-9d34-7dbdb6b5f27e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9376`	vulnerable	2026-06-08 07:45:22.381181	Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass MEDIUM (6.5) The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality. Published: 2025-08-28T11:16:21.743Z Updated: 2026-04-08T17:06:10.612Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/8d6b0d86-3cb4-4723-b677-141c604f00cc?source=cve https://plugins.trac.wordpress.org/browser/stopbadbots/trunk/stopbadbots.php#L1958 https://plugins.trac.wordpress.org/changeset/3350927/ https://plugins.trac.wordpress.org/changeset/3351023/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4355`	vulnerable	2026-06-08 06:50:17.571412	Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.23 - Missing Authorization to Information Expsoure MEDIUM (4.3) The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.23. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data. Published: 2024-05-30T08:30:14.013Z Updated: 2026-04-08T17:21:25.789Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/c77d94ae-528d-4525-b16d-96529bee08c0?source=cve https://wordpress.org/plugins/stopbadbots/ https://plugins.trac.wordpress.org/changeset/3094528	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Block Bad Bots And Stop Bad Bots Crawlers And Spiders And Anti Spam Protection

PURL mappings

Vulnerability references

Contribute