Shield Security plugin for WordPress allows attackers to steal sensitive data

CVE-2026-0722
Summary

The Shield Security plugin for WordPress has a Cross-Site Request Forgery weakness: an attacker who tricks a site administrator into an action such as clicking a link can send a forged request that bypasses the plugin's nonce verification and performs SQL injection. This is a risk because it allows the attacker to steal sensitive data from the site's database. To fix this, update the Shield Security plugin to version 21.0.9 or later.

Original title
The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypass...
Original description
The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via a user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
NVD CVSS 3.1: 6.5
Vulnerability type
CWE-89 SQL Injection
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026
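
The description above attributes the flaw to a nonce check whose requirement can be switched off by a user-supplied parameter. The following is an added illustration of that class of bug beside a hardened form. It is not Shield Security's code, and every function, constant and parameter name in it (including `skip_token`) is a hypothetical stand-in. It shows a gate that lets a forged request through when the request decides whether the token applies, and a gate that rejects it when only server-side state decides.

```php
<?php
// Added illustration, not Shield Security's code; every name here is hypothetical.
const DEMO_SECRET = 'constructed-demo-secret'; // stands in for a per-site secret
const TOKEN_EXEMPT_ACTIONS = ['public_ping'];   // server-side allowlist

// Token bound to one session and one action, in the spirit of a WordPress nonce.
function demo_make_token(string $session, string $action): string {
    return hash_hmac('sha256', $session . '|' . $action, DEMO_SECRET);
}

function demo_token_ok(array $req, string $session, string $action): bool {
    $sent = $req['token'] ?? '';
    return is_string($sent) && hash_equals(demo_make_token($session, $action), $sent);
}

// Weak: the request itself says whether the token check applies.
function weak_token_required(array $req): bool {
    return ($req['skip_token'] ?? '0') !== '1'; // hypothetical parameter name
}

// Hardened: only server-side state decides; unknown actions require a token.
function hardened_token_required(string $action): bool {
    return !in_array($action, TOKEN_EXEMPT_ACTIONS, true);
}

function handle(array $req, string $session, bool $hardened): string {
    $action = is_string($req['action'] ?? null) ? $req['action'] : '';
    $required = $hardened ? hardened_token_required($action) : weak_token_required($req);
    if ($required && !demo_token_ok($req, $session, $action)) {
        return 'rejected';
    }
    return 'accepted'; // the state-changing or query-building code would run here
}

// Constructed requests. A cross-site page cannot read the administrator's token,
// so the forged request carries only what a third party can supply.
$session = 'constructed-admin-session';
$forged  = ['action' => 'run_report', 'skip_token' => '1'];
$genuine = ['action' => 'run_report', 'token' => demo_make_token($session, 'run_report')];

foreach ([false, true] as $hardened) {
    printf("%-8s forged=%s genuine=%s\n", $hardened ? 'hardened' : 'weak',
        handle($forged, $session, $hardened), handle($genuine, $session, $hardened));
}
```

The token gate is only one layer: because the record classifies the flaw as CWE-89, the query behind the gate should also bind its parameters (in WordPress, with `$wpdb->prepare()`).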