cleantalk
Vulnerabilities and Security Researches

Shield Security – Smart Bot Blocking & Intrusion Prevention Security, CVE-2025-14427

CVE, Research URL

CVE-2025-14427

Home page URL

Security reports for Shield Security – Smart Bot Blocking & Intrusion Prevention Security

Application

Shield Security – Smart Bot Blocking & Intrusion Prevention Security

Published on
Feb 19, 2026
Research Description
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site.
Affected versions
max 21.0.10.
Status
vulnerable
Previous vulnerability researches
Country Blocker for AdSense (CVE-2025-13413) , Feb 27, 2026
New vulnerability
Filestack (CVE-2025-13959) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2025-11706) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2025-11725) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23694) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23545) , Feb 27, 2026