CVE-2021-24863

9.8 CRITICAL

📋 TL;DR

The StopBadBots WordPress plugin before 6.67 uses the HTTP User-Agent header in a SQL statement without sanitising or escaping it. Because the header is attacker-controlled and the plugin handles it on ordinary, unauthenticated page requests, a remote attacker can inject SQL simply by sending a request with a crafted User-Agent. Successful exploitation gives read and write access to the WordPress database (users and password hashes, options, content) and can be escalated to full site takeover. Every WordPress site running a StopBadBots version before 6.67 is affected.

💻 Affected Systems

Products:
  • StopBadBots WordPress Plugin
Versions: All versions before 6.67
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Any WordPress site with the vulnerable plugin installed is affected regardless of configuration.

📦 What is this software?

StopBadBots is a WordPress plugin that detects and blocks unwanted bots and crawlers, and records details of visiting clients, including their User-Agent string, in the site's database. Because the plugin handles the User-Agent of every visitor, that header reaches the database layer on ordinary requests, which is the path this vulnerability abuses.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full read and write access to the WordPress database: exfiltration of user records and password hashes, insertion or modification of an administrator account, and from there code execution through the admin panel (plugin or theme upload), giving complete site takeover.

🟠 Likely Case

Disclosure of database contents (users, password hashes, site options), followed by administrative access to the site once the attacker has a usable account or credential.

🟢 If Mitigated

With the plugin updated to 6.67 or deactivated, the injection path is closed. A WAF that inspects the User-Agent header reduces exposure but does not remove it.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only an unauthenticated HTTP request to the site carrying a crafted User-Agent header; no account or user interaction is needed, which makes the flaw easy to add to automated scanners.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.67

Vendor Advisory: https://wpscan.com/vulnerability/1e4dd002-6c96-44f9-bd55-61359265f7ae

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the StopBadBots plugin.
4. Click 'Update Now' if an update is offered.
5. Otherwise, download version 6.67 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable StopBadBots Plugin (all platforms)

Temporarily deactivate the vulnerable plugin until it can be updated. The bot blocking it provides is lost while it is off, and deactivating does not remove the code from disk: update it before reactivating.

wp plugin deactivate stopbadbots

Web Application Firewall Rule (all platforms)

Block requests whose User-Agent header contains SQL injection patterns (a single quote followed by a comment sequence such as -- or /*, UNION ... SELECT, SLEEP( or BENCHMARK( ) before they reach PHP. Confirm that the rule set actually inspects the User-Agent header, since some SQL injection rules are scoped to query-string and body parameters only. Treat this as a stopgap: pattern matching can be evaded with encoding and spacing tricks, and it does nothing about the unsafe query itself.

🧯 If You Can't Patch

  • At the reverse proxy or web server, reject or normalise User-Agent values containing SQL metacharacters (quotes, comment sequences, UNION/SELECT/SLEEP) before the request reaches PHP; this narrows the attack surface but does not fix the query
  • Deploy a WAF with SQL injection rules that cover request headers, not only parameters, and review its hits on the User-Agent field
  • If neither control is available, deactivate the plugin, since the vulnerable code is reached by unauthenticated requests

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, open Plugins and check the StopBadBots entry: any version number below 6.67 needs updating, whether the plugin is currently active or not (an inactive copy is exposed again the moment it is reactivated)

Check Version:

wp plugin list --name=stopbadbots --field=version

Verify Fix Applied:

Confirm plugin version is 6.67 or higher in WordPress admin panel
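The manual and wp-cli checks above scale poorly across many sites. The script below is an added example, not code from the advisory or the plugin: it parses the JSON that the real `wp plugin list --format=json` command emits and flags StopBadBots installs below 6.67. The sample wp-cli output embedded in it is constructed, and `check_site()` is a hypothetical wrapper that only works where wp-cli and the site files are reachable.

```python
"""Flag vulnerable StopBadBots installs from wp-cli output.

Added example for CVE-2021-24863; not code from the advisory or the plugin.
Uses the real wp-cli command `wp plugin list --format=json`; SAMPLE_OUTPUT
below is constructed to look like that command's output.
"""
import json
import re
import subprocess
from typing import Dict, List, Tuple

PLUGIN_SLUG = "stopbadbots"
FIXED_VERSION = "6.67"


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert '6.66', '6.67.1' or '6.67beta' into a tuple of integers.

    Each dot-separated segment is compared numerically, as PHP's
    version_compare() does, so 6.70 > 6.67 and 6.7 < 6.67. A trailing
    non-numeric suffix ('beta') is ignored; a segment with no leading
    digits ends the tuple. An empty or unparseable version yields ()
    which sorts below everything, so unknown versions are treated as
    vulnerable (fail closed).
    """
    parts: List[int] = []
    for segment in version.split("."):
        m = re.match(r"\d+", segment)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def vulnerable_plugins(plugin_list_json: str) -> List[Dict[str, str]]:
    """Return StopBadBots entries from `wp plugin list --format=json` output
    that still need updating. Inactive copies are included: the code is still
    on disk and is exposed again the moment someone reactivates it."""
    return [
        entry for entry in json.loads(plugin_list_json)
        if entry.get("name") == PLUGIN_SLUG and is_vulnerable(entry.get("version", ""))
    ]


def check_site(wp_path: str) -> List[Dict[str, str]]:
    """Hypothetical wrapper: run wp-cli against a local install. Needs wp-cli
    on PATH and read access to the WordPress files, so the sample run below
    does not call it."""
    proc = subprocess.run(
        ["wp", "plugin", "list", "--format=json", f"--path={wp_path}"],
        check=True, capture_output=True, text=True,
    )
    return vulnerable_plugins(proc.stdout)


# Constructed sample of what `wp plugin list --format=json` prints.
SAMPLE_OUTPUT = json.dumps([
    {"name": "stopbadbots", "status": "active", "update": "available", "version": "6.66"},
    {"name": "akismet", "status": "active", "update": "none", "version": "4.2.1"},
])

if __name__ == "__main__":
    for entry in vulnerable_plugins(SAMPLE_OUTPUT):
        print(f"{entry['name']} {entry['version']} ({entry['status']}): "
              f"vulnerable to CVE-2021-24863, update to {FIXED_VERSION}+")
```

Point `check_site()` at each WordPress root (or loop over hosts with `wp ... --ssh=` if you manage sites remotely) and act on every entry it returns, including inactive ones.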

📡 Detection & Monitoring

Log Indicators:

  • WordPress database errors in the PHP error log (lines starting "WordPress database error ... for query ..."), which are only written when WP_DEBUG and WP_DEBUG_LOG are enabled; failed injection probes against the User-Agent path typically trigger them
  • Web server access-log entries whose User-Agent field contains SQL keywords, quotes or comment sequences, especially a run of them from one source with varying payloads

Network Indicators:

  • HTTP requests with User-Agent containing SQL injection payloads

SIEM Query:

source="access.log" | regex useragent="(?i)(union[\s/*]+select|sleep\(|benchmark\(|'\s*(--|#|/\*))"

(Splunk-style; assumes the web server access log, not the WordPress log, is ingested with the User-Agent extracted into a useragent field, since WordPress itself does not record request headers. A second search on the PHP error log for "WordPress database error" catches failed probes once WP_DEBUG_LOG is on.)
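Because WordPress itself does not record request headers, the practical place to hunt is the web server access log. The script below is an added example, not from the advisory: it parses Apache/nginx combined-format lines (which carry the User-Agent as the last field) and flags entries whose User-Agent matches common SQL injection shapes. The log lines in it are constructed, with 198.51.100.7 standing in for an attacker.

```python
"""Flag access-log requests whose User-Agent looks like a SQL injection attempt.

Added example for CVE-2021-24863; not code from the advisory. Parses Apache /
nginx "combined" log lines, which record the User-Agent in the last field.
The SAMPLE_LOG lines are constructed; 198.51.100.7 plays the attacker.
"""
import re
from typing import Dict, List, Optional

# combined format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
# The user-agent field allows backslash escapes because Apache logs an embedded
# double quote as \" and nginx as \x22.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" '
    r'"(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

# (regex, label) pairs covering the injection shapes an attacker would put in
# the header: UNION extraction, time-based and error-based functions,
# tautologies, and a quote closing the string followed by a SQL comment.
SQLI_PATTERNS = [
    (re.compile(r"(?i)\bunion\b[\s/*]+(?:all\s+)?\bselect\b"), "UNION SELECT"),
    (re.compile(r"(?i)\b(?:sleep|benchmark|pg_sleep)\s*\("), "time-based function"),
    (re.compile(r"(?i)\b(?:extractvalue|updatexml)\s*\("), "error-based function"),
    (re.compile(r"(?i)\b(?:and|or)\b\s*['\"]?\s*\d+\s*=\s*\d+"), "tautology"),
    (re.compile(r"(?:'|%27)\s*(?:--|#|/\*)"), "quote followed by comment"),
    (re.compile(r"(?i)\binto\s+(?:out|dump)file\b"), "file write"),
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields; None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def sqli_indicators(user_agent: str) -> List[str]:
    """Labels of every injection pattern found in a User-Agent string."""
    return [label for pattern, label in SQLI_PATTERNS if pattern.search(user_agent)]


def scan(lines) -> List[Dict[str, object]]:
    """One record per request whose User-Agent matched at least one pattern."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        labels = sqli_indicators(rec["ua"])
        if labels:
            hits.append({"ip": rec["ip"], "time": rec["time"],
                         "request": rec["request"], "ua": rec["ua"],
                         "indicators": labels})
    return hits


# Constructed sample: two normal visitors, then three probes from one source.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0 Safari/537.36"
66.249.66.1 - - [10/Nov/2021:12:00:04 +0000] "GET /robots.txt HTTP/1.1" 200 67 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Nov/2021:12:00:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "' AND SLEEP(5)-- -"
198.51.100.7 - - [10/Nov/2021:12:00:15 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0' UNION SELECT user_login,user_pass,3 FROM wp_users-- -"
198.51.100.7 - - [10/Nov/2021:12:00:21 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0' OR 1=1-- -"
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['ip']} {hit['request']!r} -> "
              f"{', '.join(hit['indicators'])}")
```

Run it over the access log covering the period before the plugin was updated; one address cycling through payloads, as in the sample, is the typical signature. Expect some noise from scanners you run yourself, and pair it with a search of the PHP error log for "WordPress database error" where WP_DEBUG_LOG is enabled, since a probe that broke the query leaves that trace even when the header looked innocuous.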
