CVE-2021-24727: 
WordPress vulnerability analysis and mitigation

CVE-2021-24727 affects the StopBadBots WordPress plugin versions before 6.60. The vulnerability was discovered by Martin Vierula of Trustwave and was publicly disclosed on August 6, 2021. The plugin failed to properly validate or escape the order and orderby GET parameters in several admin dashboard pages (WPScan, CVE Mitre).

The vulnerability is classified as an Authenticated SQL Injection (SQLi) with a CVSS v3.1 score of 8.8 (HIGH). The issue stems from improper validation and escaping of the order and orderby GET parameters in the admin dashboard pages. This vulnerability falls under the OWASP Top 10 category A1: Injection and is identified as CWE-89 (WPScan).

If exploited, this vulnerability could allow authenticated attackers with access to the admin dashboard to perform SQL injection attacks. This could potentially lead to unauthorized access to the database, data manipulation, or exposure of sensitive information (WPScan).

Users are advised to update to StopBadBots WordPress plugin version 6.60 or later, which contains the fix for this vulnerability. The fix was implemented through a patch that properly validates and escapes the affected parameters (WordPress Plugin).