The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the theme-plugin-file AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Shield_security | Getshieldsecurity | * | 17.0.17 (including) |