cleantalk
Vulnerabilities and Security Researches

Shield Security – Smart Bot Blocking & Intrusion Prevention Security, CVE-2026-0722

CVE, Research URL

CVE-2026-0722

Home page URL

Security reports for Shield Security – Smart Bot Blocking & Intrusion Prevention Security

Application

Shield Security – Smart Bot Blocking & Intrusion Prevention Security

Published on
Feb 19, 2026
Research Description
The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 21.0.10.
Status
vulnerable
Previous vulnerability researches
Secure Copy Content Protection and Content Locking (CVE-2025-14159) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-14442) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-30905) , Apr 04, 2025
Secure Copy Content Protection and Content Locking (CVE-2025-1404) , Mar 02, 2025
Secure Copy Content Protection and Content Locking (CVE-2026-25335) , Feb 27, 2026
New vulnerability
3D FlipBook – PDF Flipbook WordPress (CVE-2026-1314) , Apr 15, 2026
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2026-1454) , Apr 15, 2026
wpForo Forum (CVE-2026-1581) , Apr 15, 2026
wpForo Forum (CVE-2026-0910) , Apr 15, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-0550) , Apr 15, 2026