Lucene search
K

99 matches found

Patchstack
Patchstack
added 2024/02/05 12:0 a.m.15 views

WordPress Shield Security Plugin <= 18.5.9 is vulnerable to Local File Inclusion

Software Shield Security Type Plugin Vulnerable versions = 18.5.9 Fixed in 18.5.10 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-6989 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 04828c1716f2 Credits hir0ot Required privilege Unauthenticate...

9.8CVSS6.8AI score0.56567EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/31 6:15 p.m.3 views

CVE-2024-22163

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

6.1CVSS6.8AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2024/01/31 6:15 p.m.25 views

CVE-2024-22163

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

7.1CVSS6.9AI score0.00331EPSS
Exploits0References1
Prion
Prion
added 2024/01/31 6:15 p.m.23 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

5.8CVSS6.9AI score0.00331EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/31 5:57 p.m.2 views

CVE-2024-22163 WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

7.1CVSS9.5AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/31 5:57 p.m.38 views

CVE-2024-22163 WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

7.1CVSS7AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2024/01/31 5:57 p.m.62 views

CVE-2024-22163

CVE-2024-22163 is a stored XSS vulnerability in the WordPress Shield Security plugin (Shield Security – Smart Bot Blocking & Intrusion Prevention Security)

7.1CVSS7.1AI score0.00331EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.6 views

WordPress plugin Shield Security Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS6AI score0.00331EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/01/16 12:0 a.m.12 views

WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Shield Security Type Plugin Vulnerable versions = 18.5.7 Fixed in 18.5.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22163 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5c42fda3a58 Credits Yudistira Arya Required...

7.1CVSS6.5AI score0.00331EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/18 12:0 a.m.6 views

PT-2023-8522 · WordPress · The Shield Security

Name of the Vulnerable Software and Affected Versions: The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress versions up to, and including, 18.5.9 Description: The issue is related to Local File Inclusion, which allows an unauthenticated attacker to include...

9.8CVSS9.6AI score0.56567EPSS
Exploits0References15
OSV
OSV
added 2023/06/09 6:15 a.m.3 views

CVE-2023-0993

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4.3CVSS5.8AI score0.0055EPSS
Exploits2References3
NVD
NVD
added 2023/06/09 6:15 a.m.29 views

CVE-2023-0993

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4.3CVSS5.1AI score0.0055EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.3 views

CVE-2023-0993

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

7.2CVSS6.6AI score0.93046EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.2 views

CVE-2023-0992

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.2CVSS6.8AI score0.93046EPSS
Exploits2References4
OSV
OSV
added 2023/06/09 6:15 a.m.4 views

CVE-2023-0992

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

6.1CVSS6.6AI score0.93046EPSS
Exploits2References3
Prion
Prion
added 2023/06/09 6:15 a.m.25 views

Cross site scripting

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4CVSS5AI score0.93046EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2023/06/09 5:33 a.m.52 views

CVE-2023-0993

The issue concerns The Shield Security plugin for WordPress. The connected documents confirm a vulnerability in the plugin where Missing Authorization on the theme-plugin-file AJAX action affects versions up to and including 17.0.17, enabling authenticated attackers to add arbitrary audit log ent...

4.3CVSS5AI score0.0055EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.15 views

CVE-2023-0993 Shield Security <= 17.0.17 - Missing Authorization

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4.3CVSS6.6AI score0.0055EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.41 views

CVE-2023-0993 Shield Security <= 17.0.17 - Missing Authorization

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4.3CVSS5.2AI score0.0055EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.16 views

CVE-2023-0992 Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.2CVSS6.8AI score0.93046EPSS
Exploits2References4
Rows per page
Query Builder