PT-2023-16671 · WordPress · The Shield Security

Ram +1 · Published 2023-06-09 · Updated 2023-06-15 · CVE-2023-0992

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Shield Security plugin for WordPress versions up to, and including, 17.0.17

Description

The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the User-Agent header, which will execute whenever a user accesses an injected page. This is a stored Cross-Site Scripting issue.

Recommendations

For versions up to, and including, 17.0.17, consider restricting access to the User-Agent header to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor user access logs closely for suspicious activity related to injected pages.
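
One way to carry out the log monitoring recommended above, as an added example (not code from this advisory or from the plugin): a Python scan of web server access logs that flags User-Agent values containing HTML or script markup. The Combined Log Format, the indicator patterns, and the sample lines are assumptions constructed for illustration.

```python
import html
import re

# Combined Log Format (assumed); quoted fields may hold backslash escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q + r'\s*$')

# Markup that has no place in a genuine User-Agent string (illustrative set).
INDICATORS = {
    "html_tag": re.compile(r'<\s*[/!a-z]', re.I),
    "event_handler": re.compile(r'\bon[a-z]+\s*=', re.I),
    "script_uri": re.compile(r'javascript\s*:', re.I),
}

def unescape_log_field(value):
    # Undo logging escapes in one pass: \xHH (nginx style), \" and \\ (Apache style).
    def repl(m):
        return chr(int(m.group(1), 16)) if m.group(1) else m.group(2)
    return re.sub(r'\\(?:x([0-9A-Fa-f]{2})|(["\\]))', repl, value)

def flag_user_agents(lines):
    """Return one finding per log line whose User-Agent carries markup."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        ip, when, _req, _status, _ref, raw_ua = m.groups()
        # Normalise before matching so escaped or entity-encoded markup is seen.
        ua = html.unescape(unescape_log_field(raw_ua))
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(ua))
        if hits:
            # "display" is HTML-escaped so the report itself cannot render the value.
            findings.append({"ip": ip, "time": when, "indicators": hits,
                             "display": html.escape(ua)})
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"',
    '198.51.100.7 - - [09/Jun/2023:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "<script>alert(1)</script>"',
    '203.0.113.4 - - [09/Jun/2023:10:00:09 +0000] "GET / HTTP/1.1" 403 310 "-" "\\x22><img src=x onerror=alert(1)>"',
    '192.0.2.33 - - [09/Jun/2023:10:00:12 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "ExampleBot/1.0 (+https://bot.example/info)"',
]

if __name__ == "__main__":
    for finding in flag_user_agents(SAMPLE_LOG):
        print(finding)
```

The `display` field is HTML-escaped because any tool that renders logged User-Agent values back into a page is the same kind of sink this issue describes.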

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-0992

Affected Products

The Shield Security