Shield%20Security%20%E2%80%93%20Smart%20Bot%20Blocking%20%26%20Intrusion%20Prevention

Shield Security – Smart Bot Blocking & Intrusion Prevention

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2023-0993

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.09% / 26.83%

7 Day CHG~0.00%

Published-09 Jun, 2023 | 05:33

Updated-23 Nov, 2024 | 13:18

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.

Vendor-getshieldsecurity paultgoodchild

Product-shield_security Shield Security – Smart Bot Blocking & Intrusion Prevention

CVE-2023-0992

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-7.2||HIGH

EPSS-34.50% / 96.86%

7 Day CHG~0.00%

Published-09 Jun, 2023 | 05:33

Updated-28 Dec, 2024 | 00:52

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-getshieldsecurity paultgoodchild

Product-shield_security Shield Security – Smart Bot Blocking & Intrusion Prevention

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')