Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-0992

Published: 09/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated malicious users to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

getshieldsecurity shield security

Vendor Advisories

Check Point Security Alerts: WordPress Shield Security Plugin Cross-Site Scripting (CVE-2023-0992)
Check Point Reference: CPAI-2023-1651 Date Published: 17 Apr 2024 Severity: Medium ...

Exploits

Exploit DB: WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization
WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17017 and below suffer from cross site scripting and missing authorization vulnerabilities ...

References

CWE-79https://wordpress.org/plugins/wp-simple-firewall/#developershttps://www.wordfence.com/threat-intel/vulnerabilities/id/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=cvehttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=https://nvd.nist.govhttps://packetstormsecurity.com/files/172002/WordPress-Shield-Security-17.0.17-Cross-Site-Scripting-Missing-Authorization.htmlhttps://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1651.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-33545CVE-2024-35725CVE-2024-32704overflowfile uploadCVE-2024-0230CVE-2024-32705CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook