Cross-Site Request Forgery Vulnerability in Shield Security Plugin for WordPress
CVE-2026-0722

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Shield: Blocks Bots, Protects Users, And Prevents Security Breaches
Vendor: CVE Published:; 19 February 2026

What is CVE-2026-0722?

The Shield Security plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) flaw, which affects all versions up to 21.0.8. This vulnerability allows attackers to bypass nonce verification, a safeguard that prevents unauthorized actions from being executed without user consent. By exploiting this weakness, malicious actors can craft counterfeit requests, convincing an authenticated administrator to carry out unintended operations. This can lead to SQL injection attacks, potentially allowing the unauthorized extraction of sensitive database information if the administrator unknowingly executes the attacker's crafted action.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches * <= 21.0.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-simple-fire...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Jan 8, 2026

Credit

Dmitrii Ignatyev

JSON

WordPress