{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9376", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-22T23:42:07.806Z", "datePublished": "2025-08-28T11:16:21.743Z", "dateUpdated": "2025-08-28T14:48:14.973Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-08-28T11:16:21.743Z"}, "affected": [{"vendor": "sminozzi", "product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "11.58", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality."}], "title": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d6b0d86-3cb4-4723-b677-141c604f00cc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/stopbadbots/trunk/stopbadbots.php#L1958"}, {"url": "https://plugins.trac.wordpress.org/changeset/3350927/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3351023/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863 Incorrect Authorization", "cweId": "CWE-863", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jarno Vos"}], "timeline": [{"time": "2025-08-26T16:11:31.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-27T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-28T13:35:10.304505Z", "id": "CVE-2025-9376", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-28T14:48:14.973Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9376", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-28T13:35:10.304505Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-28T13:35:12.977Z"}}], "cna": {"title": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass", "credits": [{"lang": "en", "type": "finder", "value": "Jarno Vos"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}}], "affected": [{"vendor": "sminozzi", "product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "11.58"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-26T16:11:31.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-27T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d6b0d86-3cb4-4723-b677-141c604f00cc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/stopbadbots/trunk/stopbadbots.php#L1958"}, {"url": "https://plugins.trac.wordpress.org/changeset/3350927/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3351023/"}], "descriptions": [{"lang": "en", "value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-08-28T11:16:21.743Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9376", "state": "PUBLISHED", "dateUpdated": "2025-08-28T14:48:14.973Z", "dateReserved": "2025-08-22T23:42:07.806Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-28T11:16:21.743Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality."}], "id": "CVE-2025-9376", "lastModified": "2025-08-29T16:24:09.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-08-28T12:15:39.280", "references": [{"source": "[email protected]", "url": "https://plugins.trac.wordpress.org/browser/stopbadbots/trunk/stopbadbots.php#L1958"}, {"source": "[email protected]", "url": "https://plugins.trac.wordpress.org/changeset/3350927/"}, {"source": "[email protected]", "url": "https://plugins.trac.wordpress.org/changeset/3351023/"}, {"source": "[email protected]", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8d6b0d86-3cb4-4723-b677-141c604f00cc?source=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "[email protected]", "type": "Primary"}]}

{}