Shield Security WP Plugin patches critical vulnerability
Take action: If your WordPress site is using Shield Security plugin, update it to at least version 18.5.10 or the latest version available. The update isn't difficult, so don't delay.
The WordPress plugin Shield Security has addressed a critical security issue that can expose the install base of 50,000 websites. The vulnerability, tracked as CVE-2023-6989 (CVSS score 9.8) is present in the plugin's render_action_template parameter, which allows unauthenticated attackers to upload and execute malicious PHP files on the affected server.
The developers of Shield Security released an update, version 18.5.10, that patches the vulnerability. However, the plugin's official page lists version 19.0.6 as the most recent update, suggesting additional improvements and bug fixes have been made since the security patch.