On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an administrator dashboard in some configurations, while another allowed authenticated attackers to spoof log entries into the same dashboard, which could also be used to exploit the first vulnerability in configurations where the unauthenticated technique was not viable.
You may also like
26 Best Beaver Builder Themes and Templates
Are you looking for the best Beaver Builder...
Finatex: Financial Consultant WordPress Theme
Pursuing a career in finance can be quite...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21,...
Did you know we’re running a Bug Bounty...