{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14427", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-10T02:33:33.560Z", "datePublished": "2026-02-19T04:36:19.188Z", "dateUpdated": "2026-04-08T17:09:18.558Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:09:18.558Z"}, "affected": [{"vendor": "paultgoodchild", "product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.0.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site."}], "title": "Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91dbc521-c24b-4b73-9b70-46d363ccb535?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Angus Girvan"}], "timeline": [{"time": "2026-02-18T16:16:58.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T21:07:04.795922Z", "id": "CVE-2025-14427", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T21:08:14.561Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14427", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T21:07:04.795922Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T21:07:16.662Z"}}], "cna": {"title": "Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update", "credits": [{"lang": "en", "type": "finder", "value": "Angus Girvan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "paultgoodchild", "product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "21.0.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-18T16:16:58.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91dbc521-c24b-4b73-9b70-46d363ccb535?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-19T04:36:19.188Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14427", "state": "PUBLISHED", "dateUpdated": "2026-02-19T21:08:14.561Z", "dateReserved": "2025-12-10T02:33:33.560Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T04:36:19.188Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site."}, {"lang": "es", "value": "El plugin Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una comprobaci\u00f3n de capacidad faltante en la acci\u00f3n 'MfaEmailDisable' en todas las versiones hasta la 21.0.9, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, deshabiliten la configuraci\u00f3n global de 2FA por correo electr\u00f3nico para todo el sitio."}], "id": "CVE-2025-14427", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:35.263", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91dbc521-c24b-4b73-9b70-46d363ccb535?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,21.0.9]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches", "source": "cna", "vendor": "paultgoodchild"}, "product": "shield:_blocks_bots,_protects_users,_and_prevents_security_breaches", "vendor": "paultgoodchild"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T15:52:06.554902+00:00", "value": {"mitigation_remediation": ["Update the Shield Security plugin to a version later than 21.0.9 or apply the vendor\u2019s patch when it becomes available.", "If an update is not immediately possible, revoke or limit Subscriber\u2011level access on the affected WordPress site until the plugin is updated, ensuring only administrators can modify security settings.", "After updating, verify that Email 2FA remains enabled and audit recent role assignments to detect any privileged users who may have disabled it during the breach window."], "summary": {"action": "Immediate patch", "impact": "Removal of site\u2011wide Email 2FA by authenticated users"}, "threat_synthesis": {"affected_systems": "WordPress sites running Shield Security version 21.0.9 or earlier, developed by paultgoodchild. The affected product is the Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin, any WordPress installation that has this plugin installed. Specific version details are up to and including 21.0.9.", "description_and_impact": "The Shield Security plugin for WordPress contains a missing capability check on the MfaEmailDisable action. An attacker who can authenticate with a subscriber\u2011level or higher role can invoke this action and toggle the global Email 2\u2011factor authentication setting off. That change removes MFA enforcement for all users, exposing accounts to credential\u2011stuffing and other password\u2011based attacks. The flaw is a classic Missing Authorization weakness, allowing a privileged user to perform actions intended for administrators.", "risk_and_exploitability": "The CVSS score of 4.3 reflects a moderate impact because the exploit requires an authenticated user with existing access, not a zero\u2011day. The EPSS score of less than 1% indicates low exploitation probability, and the vulnerability is not listed in CISA KEV. However, the attack vector is local; any user with Subscriber\u2011level or higher privileges on the site can disable MFA through the plugin\u2019s settings page, raising the risk of credential compromise if MFA is the only defense against brute\u2011force attempts."}}}}, "created": "2026-02-19T10:07:02.535993+00:00", "updated": "2026-04-21T16:00:13.271656+00:00", "vendors": ["paultgoodchild", "paultgoodchild$PRODUCT$shield:_blocks_bots,_protects_users,_and_prevents_security_breaches", "wordpress", "wordpress$PRODUCT$wordpress"]}