{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0722", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-08T12:35:07.937Z", "datePublished": "2026-02-19T04:36:27.820Z", "dateUpdated": "2026-04-08T17:33:18.351Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:18.351Z"}, "affected": [{"vendor": "paultgoodchild", "product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "21.0.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53d9579-56e9-41aa-b6b7-2472734ee719?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/CaptureAjaxAction.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/Actions/BaseAction.php#L125"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/Tables/DataTables/LoadData/Traffic/BuildTrafficTableData.php#L114"}, {"url": "https://research.cleantalk.org/cve-2026-0722/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-12-26T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-02-18T16:19:04.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T01:31:07.258498Z", "id": "CVE-2026-0722", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:31:27.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0722", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T01:31:07.258498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:31:22.120Z"}}], "cna": {"title": "Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "paultgoodchild", "product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "21.0.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-26T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-02-18T16:19:04.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53d9579-56e9-41aa-b6b7-2472734ee719?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/CaptureAjaxAction.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/Actions/BaseAction.php#L125"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/Tables/DataTables/LoadData/Traffic/BuildTrafficTableData.php#L114"}, {"url": "https://research.cleantalk.org/cve-2026-0722/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:18.351Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0722", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:33:18.351Z", "dateReserved": "2026-01-08T12:35:07.937Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T04:36:27.820Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Shield Security para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta, e incluyendo, la 21.0.8. Esto se debe a que el plugin permite que la verificaci\u00f3n de nonce sea eludida a trav\u00e9s de un par\u00e1metro proporcionado por el usuario en la funci\u00f3n isNonceVerifyRequired. Esto hace posible que atacantes no autenticados ejecuten ataques de inyecci\u00f3n SQL, extrayendo informaci\u00f3n sensible de la base de datos, a trav\u00e9s de una petici\u00f3n falsificada siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2026-0722", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:41.810", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/Actions/BaseAction.php#L125"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/CaptureAjaxAction.php#L42"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/Tables/DataTables/LoadData/Traffic/BuildTrafficTableData.php#L114"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3439494%40wp-simple-firewall&new=3439494%40wp-simple-firewall&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://research.cleantalk.org/cve-2026-0722/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f53d9579-56e9-41aa-b6b7-2472734ee719?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,21.0.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches", "source": "cna", "vendor": "paultgoodchild"}, "product": "shield:_blocks_bots,_protects_users,_and_prevents_security_breaches", "vendor": "paultgoodchild"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T18:09:32.784326+00:00", "value": {"mitigation_remediation": ["Upgrade Shield Security to version 21.0.9 or later (the current latest release) to fix the nonce verification bypass.", "If an immediate upgrade is not possible, manually modify the isNonceVerifyRequired function to remove the user\u2011supplied parameter or enforce proper nonce verification before any database operation.", "As a temporary countermeasure, restrict access to the vulnerable admin endpoints by firewall rules or by whitelisting only trusted IP addresses, reducing the chance that a forged request reaches the vulnerable code."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection through CSRF"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Shield Security plugin, developed by paultgoodchild:Shield, in all released versions up to and including 21.0.8. Users running these versions should verify the installed version and consider immediate remediation.", "description_and_impact": "The Shield Security WordPress plugin contains a flaw that allows the nonce verification check to be bypassed by passing a user\u2011supplied parameter to the isNonceVerifyRequired function. This bypass turns Cross\u2011Site Request Forgery into an unauthenticated SQL injection vector, letting an attacker run arbitrary database queries and exfiltrate sensitive information, as described by CWE\u201189.", "risk_and_exploitability": "With a CVSS score of 6.5, the flaw is considered moderate severity. The EPSS value is below 1\u202f% and the issue is not listed in the CISA KEV catalog, suggesting a low current exploitation probability. However, because the attack does not require authentication and can be executed with a forged request that tricks an administrator, the potential impact remains significant. The likely attack path would involve an attacker sending a crafted request to the site and luring an admin or trusted user into clicking a malicious link, thereby triggering the SQL injection."}}}}, "created": "2026-02-19T10:06:47.104825+00:00", "updated": "2026-04-15T18:15:10.841341+00:00", "vendors": ["paultgoodchild", "paultgoodchild$PRODUCT$shield:_blocks_bots,_protects_users,_and_prevents_security_breaches", "wordpress", "wordpress$PRODUCT$wordpress"]}