Description

WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Security is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Security version 19.1.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 19.1.11 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-simple-firewall/shield-security-smart-bot-blocking-intrusion-prevention-security-19113-cross-site-request-forgery

https://getshieldsecurity.com/changelog/

Related Vulnerabilities

WordPress Plugin EELV Newsletter Multiple Vulnerabilities (4.6)

WordPress Plugin TI WooCommerce Wishlist Security Bypass (1.21.11)

WordPress Plugin flickr picture backup Arbitrary File Upload (0.7)

MediaWiki Improper Input Validation Vulnerability (CVE-2014-1610)

WordPress Plugin Mimetic Books Cross-Site Scripting (0.2.13)

Severity

High

Classification

CVE-2024-4344 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update CSRF