4 matches found
CVE-2023-0993
The issue concerns The Shield Security plugin for WordPress. The connected documents confirm a vulnerability in the plugin where Missing Authorization on the theme-plugin-file AJAX action affects versions up to and including 17.0.17, enabling authenticated attackers to add arbitrary audit log ent...
CVE-2023-0993 Shield Security <= 17.0.17 - Missing Authorization
The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization
Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected Versions: = 17.0.17 CVE ID: CVE-2023-0992 CVSS Score: 7.2 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18 T...
WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Broken Access Control
Software Shield Security Type Plugin Vulnerable versions = 17.0.17 Fixed in 17.0.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a6f498e522a5 Credits Ramuel Gall Required...