Vulnerability Description
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getshieldsecurity | Shield Security | < 18.5.10 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-983PatchThird Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-983PatchThird Party Advisory
FAQ
What is CVE-2023-6989?
CVE-2023-6989 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_t...
How severe is CVE-2023-6989?
CVE-2023-6989 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-6989?
Check the references section above for vendor advisories and patch information. Affected products include: Getshieldsecurity Shield Security.