Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:5F2FD865-64C0-4FE9-A2C0-3FF8032E09C3
HistoryApr 25, 2023 - 12:00 a.m.

Shield Security < 17.0.18 - Subscriber+ Arbitrary Log Entry Creation

2023-04-2500:00:00
wpscan.com
5
shield security
arbitrary log entry
ajax action
authenticated users
stored xss

0.001 Low

EPSS

Percentile

45.3%

JSON

The plugin does not have authorisation in the theme-plugin-file AJAX action, allowing any authenticated users, such as subscriber to call it and add arbitrary audit log entries, which could also lead to Stored XSS due to the lack of escaping of some entry metadata

CPENameOperatorVersion
wp-simple-firewalllt17.0.18

Related

cve 1
packetstorm 1
prion 1
nvd 1
cvelist 1
zdt 1
wordfence 2
cve
cve
CVE-2023-0993
2023-06-09 06:15:55
packetstorm
packetstorm
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization
2023-04-25 00:00:00
prion
prion
Cross site scripting
2023-06-09 06:15:00
nvd
nvd
CVE-2023-0993
2023-06-09 06:15:55
cvelist
cvelist
CVE-2023-0993
2023-06-09 05:33:19
zdt
zdt
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization Vulnerability
2023-04-25 00:00:00
wordfence
wordfence
Multiple Vulnerabilities Patched in Shield Security
2023-04-25 13:14:00
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 24, 2023 to Apr 30, 2023)
2023-05-04 12:54:16

0.001 Low

EPSS

Percentile

45.3%

JSON
Related for WPVDB-ID:5F2FD865-64C0-4FE9-A2C0-3FF8032E09C3
cve1packetstorm1prion1nvd1cvelist1zdt1wordfence2