PT-2026-20628 · WordPress · Shield Security

Dmitry Ignatyev · Published 2026-02-19 · Updated 2026-02-19 · CVE-2026-0722

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Shield Security plugin for WordPress versions prior to 21.0.9

Description

The Shield Security plugin for WordPress is susceptible to Cross-Site Request Forgery. This occurs because the plugin does not properly verify nonces, specifically allowing bypass via a user-supplied parameter in the isNonceVerifyRequired() function. This enables unauthenticated attackers to potentially execute SQL injection attacks and extract sensitive information from the database through a forged request, provided they can trick a site administrator into performing an action.

Recommendations

Update the Shield Security plugin to version 21.0.9 or later.
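
The class of flaw described above, as an added example that is not Shield Security's code: a handler whose nonce requirement can be switched off by the request itself, beside a version where only server-side state decides. The `skip_nonce` parameter, the action names and the HMAC stand-in for WordPress nonces are assumptions made for illustration.

```php
<?php
// Added illustration, not Shield Security's code. Every name here is hypothetical.
const DEMO_SECRET = 'constructed-demo-secret';
const NONCE_EXEMPT_ACTIONS = ['public_ping']; // server-side allowlist

// Stand-in for a WordPress-style nonce: an HMAC bound to user and action.
function make_nonce(string $user, string $action): string {
    return substr(hash_hmac('sha256', "$user|$action", DEMO_SECRET), 0, 10);
}

function nonce_ok(array $req, string $user, string $action): bool {
    $sent = $req['nonce'] ?? '';
    return is_string($sent) && hash_equals(make_nonce($user, $action), $sent);
}

// Flawed: the request decides whether its own nonce is checked.
function nonce_required_flawed(array $req): bool {
    return empty($req['skip_nonce']); // 'skip_nonce' is a made-up parameter
}

// Hardened: only server-side state decides; request input is ignored.
function nonce_required_hardened(string $action): bool {
    return !in_array($action, NONCE_EXEMPT_ACTIONS, true);
}

function handle(array $req, string $user, bool $hardened): string {
    $action = is_string($req['action'] ?? null) ? $req['action'] : '';
    $required = $hardened ? nonce_required_hardened($action)
                          : nonce_required_flawed($req);
    if ($required && !nonce_ok($req, $user, $action)) {
        return 'rejected';
    }
    return 'executed'; // the privileged, database-touching action would run here
}

// Constructed requests. A cross-site forged request rides the administrator's
// session but cannot know the nonce.
$forged = ['action' => 'run_report', 'skip_nonce' => '1'];
$legit  = ['action' => 'run_report', 'nonce' => make_nonce('admin', 'run_report')];

foreach ([false, true] as $hardened) {
    printf("%-8s forged=%s legit=%s\n",
        $hardened ? 'hardened' : 'flawed',
        handle($forged, 'admin', $hardened),
        handle($legit, 'admin', $hardened));
}
```

Enforcing the nonce closes the forged-request path; the query that the action runs still needs bound parameters to remove the SQL injection itself.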

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-0722

Affected Products

Shield Security