cleantalk
Vulnerabilities and Security Researches

Shield Security – Smart Bot Blocking & Intrusion Prevention Security, CVE-2026-0722

CVE, Research URL

CVE-2026-0722

Home page URL

Security reports for Shield Security – Smart Bot Blocking & Intrusion Prevention Security

Application

Shield Security – Smart Bot Blocking & Intrusion Prevention Security

Published on
Feb 19, 2026
Research Description
The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 21.0.10.
Status
vulnerable
Previous vulnerability researches
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2025-10658) , Oct 11, 2025
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24839) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24878) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24879) , Jun 06, 2024
SupportCandy – Helpdesk & Customer Support Ticket System (CVE-2021-24880) , Jun 06, 2024
New vulnerability
EmailKit -WooCommerce Email Customizer (CVE-2026-1925) , Apr 15, 2026
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2026-1651) , Apr 15, 2026
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2026-1860) , Apr 15, 2026
Related Posts by Taxonomy (CVE-2026-0916) , Apr 15, 2026
Ivory Search – WordPress Search Plugin (CVE-2026-1053) , Apr 15, 2026