cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6989,https://securityvulnerability.io/vulnerability/CVE-2023-6989,Unauthenticated Attacker Can Include and Execute PHP Files on Server via Render_Action_Template Parameter,"The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress contains a vulnerability that allows for local file inclusion due to an improper handling of the 'render_action_template' parameter. This shortcoming affects all versions up to 18.5.9, enabling unauthenticated attackers to exploit this flaw by including and executing arbitrary PHP files on the server. Such an exploit can lead to a full compromise of the web server, as it permits the execution of any PHP code embedded in the included files, posing a significant threat to the integrity and security of WordPress installations using this plugin.",Wordpress,Shield Security – Smart Bot Blocking & Intrusion Prevention Security,9.8,CRITICAL,0.07229000329971313,false,,false,false,false,,false,false,2024-02-05T21:21:31.299Z,0
CVE-2023-0992,https://securityvulnerability.io/vulnerability/CVE-2023-0992,Stored Cross-Site Scripting Vulnerability in Shield Security Plugin for WordPress,"The Shield Security plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit stored Cross-Site Scripting (XSS) by manipulating the 'User-Agent' header. This flaw can result in arbitrary scripts being injected into web pages, posing a significant risk, as these scripts may execute when users access the affected pages. The vulnerability affects all versions of the plugin up to and including 17.0.17, emphasizing the importance of updating to a secure version to mitigate potential threats.",Wordpress,Shield Security – Smart Bot Blocking & Intrusion Prevention,6.1,MEDIUM,0.0011399999493733048,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0993,https://securityvulnerability.io/vulnerability/CVE-2023-0993,Missing Authorization Vulnerability in Shield Security Plugin by WordPress,"The Shield Security plugin for WordPress is susceptible to a Missing Authorization issue on the 'theme-plugin-file' AJAX action in versions up to and including 17.0.17. This vulnerability enables attackers with authenticated access to insert arbitrary audit log entries, falsely indicating edits to themes or plugins. Furthermore, it serves as an attack vector for Cross-Site Scripting (XSS), which can lead to further exploitation within the application.",Wordpress,Shield Security – Smart Bot Blocking & Intrusion Prevention,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0