6 matches found
CVE-2023-0992
CVE-2023-0992 relates to the Shield Security plugin for WordPress. The Red Hat data corroborates a later feed showing a Missing Authorization issue on the theme-plugin-file AJAX action in versions up to and including 17.0.17, and notes that this can serve as a vector for the stored Cross-Site Scr...
CVE-2022-0211
The CVE-2022-0211 entry concerns the WordPress Shield Security plugin (before 13.0.6). The vulnerability is a stored XSS caused by the plugin not sanitising/escaping admin notes, which could let high-privilege users execute JavaScript even when unfiltered_html is disallowed. Public references in ...
CVE-2024-7313
CVE-2024-7313 relates to the Shield Security WordPress plugin (versions before 20.0.6). The connected documents confirm a reflected XSS vulnerability in the admin dashboard where the plugin fails to sanitize/escape the nav_sub parameter, allowing an authenticated attacker (e.g., an administrator)...
CVE-2023-6989
CVE-2023-6989 affects the Shield Security – Smart Bot Blocking & Intrusion Prevention Security WordPress plugin (wp-simple-firewall). All versions up to and including 18.5.9 are vulnerable to Local File Inclusion via render_action_template, enabling an unauthenticated attacker to include and exec...
CVE-2024-22163
CVE-2024-22163 is a stored XSS vulnerability in the WordPress Shield Security plugin (Shield Security – Smart Bot Blocking & Intrusion Prevention Security).
CVE-2023-0993
The issue concerns the Shield Security plugin for WordPress. The connected documents confirm a vulnerability in the plugin where Missing Authorization on the theme-plugin-file AJAX action affects versions up to and including 17.0.17, enabling authenticated attackers to add arbitrary audit log ent...