Security Advisory

CVE-2023-6989

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-05 21:21:31

Last updated 2026-04-08 16:33:39

Assigner Wordfence

State PUBLISHED

Description

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

← Browse all CVEs View on cve.org ↗