WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-22163

7.1HIGH

Key Information:

Vendor

WordPress
Status
Shield Security – Smart Bot Blocking & Intrusion Prevention Security
Vendor
CVE Published:
31 January 2024

What is CVE-2024-22163?

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin contains a vulnerability that allows for stored Cross-site Scripting (XSS) attacks. This flaw arises from improper handling of user-supplied input during web page generation. Attackers can exploit this vulnerability to inject malicious scripts, which could be executed in the browsers of users interacting with the affected service, potentially compromising sensitive data and user sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.7

References

https://patchstack.com/database/vulnerability/wp-simple-f...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yudistira Arya (Patchstack Alliance)
JSON
.