Skip to main content

Shield Security

6 CVEs product

Monthly

CVE-2024-7313 MEDIUM POC This Month

The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shield Security
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-6989 CRITICAL POC PATCH THREAT Act Now

The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

LFI WordPress Information Disclosure PHP Shield Security
NVD VulDB
CVSS 3.1
9.8
EPSS
61.9%
Threat
5.3
CVE-2024-22163 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security - Smart Bot Blocking & Intrusion Prevention Security allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shield Security
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-0993 MEDIUM PATCH This Month

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass XSS WordPress Shield Security
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0992 HIGH PATCH Act Now

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 38.8%.

WordPress XSS Shield Security
NVD VulDB
CVSS 3.1
7.2
EPSS
38.8%
CVE-2022-0211 MEDIUM POC This Month

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shield Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shield Security
NVD WPScan
EPSS 62% 5.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

LFI WordPress Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security - Smart Bot Blocking & Intrusion Prevention Security allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shield Security
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass XSS WordPress +1
NVD VulDB
EPSS 39% CVSS 7.2
HIGH PATCH Act Now

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 38.8%.

WordPress XSS Shield Security
NVD VulDB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shield Security
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy