Security vulnerabilities in Shield Security (3)
-
Total site takeover in combination with read-only SQLi – (Shield Security <= 16.1.3)
Affected plugin: Shield Security
Active installs: 60,000+
Vulnerable version: <= 16.1.3
Audited version: 16.1.1
Fully patched version: 16.1.4
Recommended remediation: Immediately upgrade to version 16.1.4 or higher
Description: An attacker can log in as any user with two-factor authentication enabled without knowing the user's primary credentials. The only precondition is that any plugin, theme, or…
-
Compromise of 2FA secrets through read-only SQLi – (Shield Security <= 16.1.6)
The plugin stores users' emergency backup codes and TOTP secrets in plaintext in the database. An attacker who can exploit one of the seemingly never-ending read-only SQL injections will be able to bypass all 2FA checks for all users indefinitely.
-
DoS through IP spoofing – (Shield Security <= 16.1.6)
The plugin is vulnerable to IP spoofing, which an attacker can exploit to ban search engine crawlers, the site’s reverse proxy, or legitimate users.