CVE-2026-0561

MEDIUM

Shield Security Plugin <21.0.8 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-0561. PoCs published by Sechunt3r.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2026-0561, a reflected XSS vulnerability in Shield Security WordPress plugin <= 21.0.8. The exploit leverages insufficient input sanitization in the 'message' parameter via the render_shield_wploginreplica_header action.

Description

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Exploits (1)

github WORKING POC
by Sechunt3r · shellpoc
https://github.com/Sechunt3r/CVE-POCs/tree/main/CVE-2026-0561

Classification
Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Shield Security WordPress plugin <= 21.0.8
No auth needed
Prerequisites: WordPress site with vulnerable Shield Security plugin installed
devstral-2 · analyzed Mar 21, 2026

Scores

CVSS v3 6.1
EPSS 0.0027
EPSS Percentile 18.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
paultgoodchild/Shield: Blocks Bots, Protects Users, and Prevents Security Breaches < 21.0.8
Published Feb 19, 2026
Tracked Since Feb 19, 2026