Description
Missing Authorization vulnerability in sminozzi Stop and Block bots plugin Anti bots antibots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through <= 1.48.
Published: 2025-07-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a missing authorization flaw that allows users to access functionality that should be restricted by Access Control Lists. Because the Stop and Block bots plugin does not properly enforce ACLs, an attacker may be able to perform actions normally reserved for privileged users, potentially leading to full site compromise. The weakness is categorized as CWE-862, indicating an authorization defect.

Affected Systems

All WordPress installations that use the sminozzi Stop and Block bots plugin with version 1.48 or earlier are affected. The plugin has been identified as vulnerable from its earliest available version through 1.48, inclusive. Site administrators should verify the plugin version and upgrade if necessary.

Risk and Exploitability

The CVSS score of 5.3 reflects a moderate severity, and the EPSS score of less than 1% indicates that exploitation is considered unlikely but not impossible. The vulnerability is not currently listed in CISA’s KEV catalog. Attackers could exploit the flaw remotely by sending crafted HTTP requests to the plugin’s administrative endpoints; no prior authentication appears to be required based on the description, making the attack vector accessible to users who can reach the site over the network.

Generated by OpenCVE AI on April 30, 2026 at 09:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Stop and Block bots plugin to a version newer than 1.48 to apply the authorization fix.
  • If an upgrade cannot be performed immediately, restrict direct access to the plugin’s administrative URLs using web‑server rules or a firewall so that only trusted IP addresses or authenticated users can reach them.
  • After the upgrade or restriction is in place, conduct an access test to confirm that non‑admin users can no longer reach the privileged functions.



Advisories
Source: EUVD
ID: EUVD-2025-21651
Title: Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (removed): Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.
Description (added): Missing Authorization vulnerability in sminozzi Stop and Block bots plugin Anti bots antibots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through <= 1.48.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Wed, 16 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00029}


Wed, 16 Jul 2025 10:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.
Title WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:53.348Z

Reserved: 2025-05-15T18:02:16.098Z

Link: CVE-2025-48166

Vulnrichment

Updated: 2025-07-16T14:26:53.122Z

NVD

Status: Deferred

Published: 2025-07-16T11:15:25.000

Modified: 2026-04-23T15:30:55.137

Link: CVE-2025-48166

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T09:45:25Z
