Lucene search
K

99 matches found

CVE
CVE
added 2023/06/09 5:33 a.m.94 views

CVE-2023-0992

CVE-2023-0992 relates to the Shield Security plugin for WordPress. The Red Hat data corroborates a later feed showing a Missing Authorization issue on the theme-plugin-file AJAX action in versions up to and including 17.0.17, and notes that this can serve as a vector for the stored Cross-Site Scr...

7.2CVSS5AI score0.93046EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.36 views

CVE-2023-0992 Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.2CVSS5.2AI score0.93046EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.7 views

PT-2023-16671 · WordPress · The Shield Security

Name of the Vulnerable Software and Affected Versions: The Shield Security plugin for WordPress versions up to, and including, 17.0.17 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the User-Agent header, which will execute whenever a user...

7.2CVSS5.3AI score0.93046EPSS
Exploits2References7
Wordfence Blog
Wordfence Blog
added 2023/04/25 1:14 p.m.35 views

Multiple Vulnerabilities Patched in Shield Security

On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an...

6.2AI score0.93046EPSS
Exploits2
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.16 views

WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Cross Site Scripting (XSS)

Software Shield Security Type Plugin Vulnerable versions = 17.0.17 Fixed in 17.0.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0992 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 814ad86ffa89 Credits Ramuel Gall Requir...

7.2CVSS5.9AI score0.93046EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.13 views

WordPress plugin Shield Security 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS6.3AI score0.93046EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2023/04/25 12:0 a.m.20 views

Shield Security < 17.0.18 - Subscriber+ Arbitrary Log Entry Creation

The plugin does not have authorisation in the theme-plugin-file AJAX action, allowing any authenticated users, such as subscriber to call it and add arbitrary audit log entries, which could also lead to Stored XSS due to the lack of escaping of some entry metadata...

4.3CVSS6.2AI score0.0055EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2023/04/25 12:0 a.m.315 views

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization

Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected Versions: = 17.0.17 CVE ID: CVE-2023-0992 CVSS Score: 7.2 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18 T...

6.3AI score0.93046EPSS
Exploits2
0day.today
0day.today
added 2023/04/25 12:0 a.m.347 views

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization Vulnerability

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities. Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected...

7.2CVSS5.7AI score0.93046EPSS
Exploits2
CNVD
CNVD
added 2022/02/23 12:0 a.m.33 views

WordPress Shield Security plugin跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...

4.8CVSS1.8AI score0.00588EPSS
Exploits2References1
OSV
OSV
added 2022/02/21 11:15 a.m.4 views

CVE-2022-0211

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00588EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/02/21 11:15 a.m.6 views

CVE-2022-0211

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS5.5AI score0.00588EPSS
Exploits2References2
NVD
NVD
added 2022/02/21 11:15 a.m.27 views

CVE-2022-0211

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS0.00588EPSS
Exploits2References1
CVE
CVE
added 2022/02/21 10:46 a.m.93 views

CVE-2022-0211

The CVE-2022-0211 entry concerns the WordPress Shield Security plugin (before 13.0.6). The vulnerability is a stored XSS caused by the plugin not sanitising/escaping admin notes, which could let high-privilege users execute JavaScript even when unfiltered_html is disallowed. Public references in ...

4.8CVSS4.8AI score0.00588EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/21 10:46 a.m.32 views

CVE-2022-0211 Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

5.1AI score0.00588EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/01/19 12:0 a.m.25 views

WordPress Shield Security plugin <= 13.0.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Yoru Oni in WordPress Shield Security plugin versions = 13.0.5. Solution Update the WordPress Shield Security plugin to the latest available version at least 13.0.6...

4.8CVSS2AI score0.00588EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/01/19 12:0 a.m.483 views

Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload as an Admin Note Shield Security Tools Admin Notes: alert/XSS/;...

4.8CVSS0.7AI score0.00588EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/01/19 12:0 a.m.22 views

Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC Put the following payload as an Admin Note Shield Security Tools Admin Notes:...

4.8CVSS2.5AI score0.00588EPSS
Exploits2Affected Software1
Kitploit
Kitploit
added 2019/05/14 12:43 p.m.210 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

7.2AI score
Exploits0References3
Rows per page
Query Builder