
12 matches found

RedhatCVE
added 2026/02/20 7:22 a.m., 4 views

CVE-2026-0722

The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for...

CVSS 6.5 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 1
Patchstack
added 2026/02/19 12:52 p.m., 3 views

WordPress Shield Security plugin <= 21.0.8 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.8...

CVSS 6.5 | AI score 6 | EPSS 0.00031
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/02/19 12:5 a.m., 4 views

WordPress Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability

Missing Authorization to Authenticated Subscriber+ Email MFA Update vulnerability discovered by shark3y in WordPress Plugin Shield Security versions <= 21.0.9...

CVSS 4.3 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/17 5:22 a.m., 3 views

CVE-2025-15370

The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 1
CNNVD
added 2026/01/16 12:0 a.m., 2 views

WordPress Plugin Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 3
Patchstack
added 2024/06/03 1:55 a.m., 2 views

WordPress Shield Security plugin <= 19.1.10 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Christian Angel in WordPress Plugin Shield Security versions <= 19.1.10...

CVSS 4.3 | AI score 7 | EPSS 0.00167
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/02/05 12:0 a.m., 13 views

WordPress Shield Security Plugin <= 18.5.9 is vulnerable to Local File Inclusion

Software: Shield Security; Type: Plugin; Vulnerable versions: <= 18.5.9; Fixed in: 18.5.10; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-6989; Patch priority: Low; CVSS severity: Low 8.1; Developer: Claim ownership; PSID: 04828c1716f2; Credits: hir0ot; Required privilege: Unauthenticate...

CVSS 9.8 | AI score 6.8 | EPSS 0.67335
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2024/01/31 5:57 p.m., 19 views

CVE-2024-22163 WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS. This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

CVSS 7.1 | AI score 7 | EPSS 0.00083
Exploits: 0 | References: 1
Patchstack
added 2024/01/16 12:0 a.m., 11 views

WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Software: Shield Security; Type: Plugin; Vulnerable versions: <= 18.5.7; Fixed in: 18.5.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-22163; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: d5c42fda3a58; Credits: Yudistira Arya; Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00083
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2023/06/09 6:15 a.m., 1 views

CVE-2023-0993

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

CVSS 7.2 | AI score 6.6 | EPSS 0.38754
Exploits: 2 | References: 4
Patchstack
added 2023/04/25 12:0 a.m., 15 views

WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Cross Site Scripting (XSS)

Software: Shield Security; Type: Plugin; Vulnerable versions: <= 17.0.17; Fixed in: 17.0.18; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0992; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 814ad86ffa89; Credits: Ramuel Gall; Requir...

CVSS 7.2 | AI score 5.9 | EPSS 0.38754
Exploits: 2 | References: 3 | Affected Software: 1
0day.today
added 2023/04/25 12:0 a.m., 328 views

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization Vulnerability

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities. Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention; Plugin Slug: wp-simple-firewall; Affected...

CVSS 7.2 | AI score 5.7 | EPSS 0.38754
Exploits: 2