Shield Security WP Plugin patches critical vulnerability

published: Feb. 10, 2024

Take action: If your WordPress site uses the Shield Security plugin, update it to at least version 18.5.10 or the latest version available. The update isn't difficult, so don't delay.



The developers of the WordPress plugin Shield Security have addressed a critical security issue that can expose the plugin's install base of 50,000 websites. The vulnerability, tracked as CVE-2023-6989 (CVSS score 9.8), is present in the plugin's render_action_template parameter and allows unauthenticated attackers to upload and execute malicious PHP files on the affected server.

The security research team at Wordfence discovered the vulnerability and conducted a technical analysis of how it could be exploited.

The developers of Shield Security released an update, version 18.5.10, that patches the vulnerability. However, the plugin's official page lists version 19.0.6 as the most recent update, suggesting additional improvements and bug fixes have been made since the security patch.
