Blackhole for Bad Bots Plugin Vulnerabilities

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Blackhole for Bad Bots so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility

2 records include a published patch path.

Severity Mix

1 critical and 1 high severity finding.

Reference Workflow

Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.

Known Vulnerabilities

Reports for Blackhole for Bad Bots

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-4329

Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() when capt...

Published

Mar 25, 2026

Patched Release

3.8.1

Affected Versions

Versions up to 3.8

Next Step

Update to 3.8.1 or newer if supported.

Open Full Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2022-1165

Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitima...

Published

Jan 31, 2022

Patched Release

3.3.2

Affected Versions

Versions before 3.3.2

Next Step

Update to 3.3.2 or newer if supported.

Open Full Report Open CVE Reference

Blackhole for Bad Bots Vulnerabilities

What this page helps you verify fast

Reports for Blackhole for Bad Bots