🔐 CVE Alert

CVE-2024-4344

MEDIUM 4.3

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request Forgery

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for unauthenticated attackers to disable pin protection for the admin interface of the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CWE CWE-352
Vendor paultgoodchild
Product shield: blocks bots, protects users, and prevents security breaches
Published Jun 2, 2024
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for paultgoodchild shield: blocks bots, protects users, and prevents security breaches

Be the first to know when new medium vulnerabilities affecting paultgoodchild shield: blocks bots, protects users, and prevents security breaches are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

paultgoodchild / Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
0 ≤ 19.1.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wp-simple-firewall/trunk/src/lib/src/ActionRouter/Actions/SecurityAdminRemove.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3079504%40wp-simple-firewall%2Ftrunk&old=3079461%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=

Credits

Christian Angel