PT-2023-16672 · WordPress · Shield Security

Author: Ram (+1)

Published: 2023-06-09 · Updated: 2023-06-15

CVE-2023-0993

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Shield Security plugin for WordPress, versions up to and including 17.0.17

Description: The issue concerns missing authorization on the 'theme-plugin-file' AJAX action. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited. It also serves as a vector for Cross-Site Scripting.

Recommendations: For Shield Security plugin for WordPress versions up to and including 17.0.17, update to a version later than 17.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the 'theme-plugin-file' AJAX action to minimize the risk of exploitation.
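As an added illustration, not Shield Security's code, here is the pattern behind the description above: a hypothetical WordPress AJAX handler for the 'theme-plugin-file' action with the authorization check missing, beside a hardened version that gates the action on a capability and a nonce and escapes log data on output. Only the action name comes from the advisory; every function and option name is assumed.

```php
<?php
// Hypothetical illustration (not Shield Security's code). Only one of the two
// handlers below would be registered in a real plugin; both are shown so the
// missing check is visible side by side with the fix.

// BEFORE: missing authorization. Any logged-in user who can reach
// admin-ajax.php may write an arbitrary "file edited" entry, and the raw
// request value is stored without sanitisation (the XSS vector the
// description mentions).
function vuln_theme_plugin_file_handler() {
    $file = $_POST['file'] ?? '';
    example_audit_log_insert( "Theme/plugin file edited: {$file}" );
    wp_send_json_success();
}
add_action( 'wp_ajax_theme-plugin-file', 'vuln_theme_plugin_file_handler' );

// AFTER: nonce check, capability check, sanitised input.
function fixed_theme_plugin_file_handler() {
    // Nonce: the request must originate from a page this plugin rendered.
    check_ajax_referer( 'theme-plugin-file', 'nonce' );
    // Authorization: only users allowed to edit theme/plugin files may
    // trigger an entry that claims such an edit happened.
    if ( ! current_user_can( 'edit_themes' ) && ! current_user_can( 'edit_plugins' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $file = sanitize_text_field( wp_unslash( $_POST['file'] ?? '' ) );
    example_audit_log_insert( sprintf( 'Theme/plugin file edited: %s', $file ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_theme-plugin-file', 'fixed_theme_plugin_file_handler' );

// Assumed audit-log storage: a simple option holding an array of entries.
function example_audit_log_insert( $message ) {
    $entries   = get_option( 'example_audit_log', array() );
    $entries[] = array( 'time' => time(), 'msg' => $message );
    update_option( 'example_audit_log', $entries );
}

// Assumed log viewer: escape on output so a stored entry cannot inject
// markup into the admin page.
function example_audit_log_render() {
    foreach ( get_option( 'example_audit_log', array() ) as $e ) {
        echo '<li>' . esc_html( $e['msg'] ) . '</li>';
    }
}
```

The capability gate in the hardened handler is what the "restrict access to the AJAX action" workaround amounts to; the nonce additionally stops the action from being triggered cross-site.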

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2023-0993

Affected Products

Shield Security