WordPress Plugin Vulnerabilities

Shield Security < 17.0.18 - Subscriber+ Arbitrary Log Entry Creation

Description

The plugin does not have authorisation in the theme-plugin-file AJAX action, allowing any authenticated users, such as subscriber to call it and add arbitrary audit log entries, which could also lead to Stored XSS due to the lack of escaping of some entry metadata

Affects Plugins

Plugin icon
wp-simple-firewall
Fixed in 17.0.18

References

CVE
CVE-2023-0993
URL
https://www.wordfence.com/blog/2023/04/multiple-vulnerabilities-patched-in-shield-security/

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ramuel Gall
Verified
No
WPVDB ID
5f2fd865-64c0-4fe9-a2c0-3ff8032e09c3

Timeline

Publicly Published
2023-04-25 (about 2 years ago)
Added
2023-04-25 (about 2 years ago)
Last Updated
2023-04-25 (about 2 years ago)

Other

Published
Title
Published
2024-06-20
Title
Ultimate Custom Add To Cart Button <= 1.222.17 - Missing Authorization
Published
2025-03-31
Title
Salesmate Add-On for Gravity Forms < 2.0.4 - Missing Authorization
Published
2025-04-23
Title
Flynax Bridge < 2.2.1 - Unauthenticated Privilege Escalation via Account Takeover
Published
2026-01-22
Title
Membership <= 1.6.4 - Missing Authorization
Published
2025-06-12
Title
Arconix FAQ < 1.9.7 - Missing Authorization