Lucene search
K

779 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.12 views

CVE-2025-14427

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.8 views

CVE-2026-0722

The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for...

6.5CVSS5.7AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:21 a.m.6 views

CVE-2026-0561

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/19 12:52 p.m.5 views

WordPress Shield Security plugin <= 21.0.8 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.8...

6.5CVSS6AI score0.00397EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/19 7:17 a.m.8 views

CVE-2026-0561

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00266EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 7:17 a.m.4 views

CVE-2025-14427

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS0.00198EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 4:36 a.m.19 views

CVE-2026-0722

CVE-2026-0722: Shield Security for WordPress has a CSRF to SQL Injection vulnerability in versions up to 21.0.8 due to nonce verification bypass in isNonceVerifyRequired, enabling unauthenticated attackers to extract data via forged requests when a site admin is tricked into action. The issue is ...

6.5CVSS5.7AI score0.00397EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.2 views

CVE-2026-0722 Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection

The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for...

6.5CVSS5.6AI score0.00397EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.29 views

CVE-2026-0722 Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection

The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for...

6.5CVSS0.00397EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.31 views

CVE-2026-0561 Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2026-0561 Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.22 views

CVE-2026-0561

CVE-2026-0561 affects the Shield Security plugin for WordPress up to version 21.0.8. It enables unauthenticated, reflected Cross-Site Scripting via the 'message' parameter due to insufficient input sanitization and output escaping. The impact is described as injecting arbitrary web scripts on pag...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.30 views

CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS0.00198EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/19 12:5 a.m.7 views

WordPress Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability

Missing Authorization to Authenticated Subscriber+ Email MFA Update vulnerability discovered by shark3y in WordPress Plugin Shield Security versions = 21.0.9...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

WordPress plugin Shield Security 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20628

The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for...

6.5CVSS5.7AI score0.00397EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.10 views

PT-2026-20617

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Shield Security 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.6AI score0.00266EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Shield Security SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.9AI score0.00397EPSS
Exploits0References6
Rows per page
Query Builder