PT-2023-16671 · WordPress · The Shield Security

Ram +1 · Published 2023-06-09 · Updated 2023-06-15 · CVE-2023-0992

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Shield Security plugin for WordPress versions up to, and including, 17.0.17

Description
The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the User-Agent header, which will execute whenever a user accesses an injected page. This is a stored Cross-Site Scripting issue.

Recommendations
For versions up to, and including, 17.0.17, consider restricting access to the User-Agent header to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor user access logs closely for suspicious activity related to injected pages.
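One way to carry out the log monitoring recommended above, as an added example that is not part of the original advisory or the plugin's code: it scans web server access logs for User-Agent values that contain HTML or script markup. It assumes Apache/nginx Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format (assumed):
# ip ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + r'\s*$'
)
# Markup that has no place in a browser identification string.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:', re.I)

def normalize(ua):
    """Undo server log escaping and percent-encoding before matching."""
    ua = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), ua)
    return unquote(ua.replace('\\"', '"'))

def suspicious_user_agents(lines):
    """Return (client_ip, timestamp, decoded_user_agent) for flagged requests."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, when, _request, _referer, ua = m.groups()
        decoded = normalize(ua)
        if MARKUP_RE.search(decoded):
            hits.append((ip, when, decoded))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [09/Jun/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
203.0.113.7 - - [09/Jun/2023:10:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 5123 "-" "<script>alert(1)</script>"
198.51.100.23 - - [09/Jun/2023:10:02:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 \x3Cimg src=x onerror=alert(1)\x3E"
192.0.2.44 - - [09/Jun/2023:10:03:05 +0000] "GET /feed/ HTTP/1.1" 200 812 "-" "curl/7.88.1"
'''

if __name__ == "__main__":
    for ip, when, ua in suspicious_user_agents(SAMPLE_LOG.strip().splitlines()):
        print(f"{when}  {ip}  UA={ua!r}")
```

A hit shows that a request carried markup in its User-Agent, not that the markup was stored or rendered; flagged entries still need to be checked against the pages where the plugin displays request data.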

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2023-0992

Affected Products

The Shield Security