According to a post from the Wordfence team, a local file inclusion vulnerability affected the WordPress plugin Shield Security. Shield Security offers a simple firewall for WordPress websites, protecting against bot attacks, malware, and related threats. The plugin currently has over 50,000 active installations, so any security flaw in it exposes a large number of websites.

Specifically, the vulnerability affected the plugin's render_action_template parameter, which allowed an unauthenticated adversary to include malicious PHP files on the target server and ultimately execute the PHP code in those files. The vulnerability, CVE-2023-6989, received a critical severity rating with a CVSS score of 9.8. Wordfence confirmed that the issue was limited to including PHP files, ruling out the possibility of remote code execution attacks; however, they did confirm that an attacker had numerous options to include and execute malicious PHP files on the target server. In their post, the researchers also presented a detailed technical analysis of the exploit.
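The class of defect described above is a request-controlled template name reaching a PHP include. The following is an added illustrative example, not the Shield Security plugin's code; the function names, the allowlist contents and the temporary directory are assumptions constructed for the demo. It contrasts the weak path-concatenation pattern with a loader that allowlists template names and verifies the resolved path stays inside the templates directory.

```php
<?php
declare(strict_types=1);

// Weak pattern (for contrast only): the request value is concatenated into the
// path unchecked, so traversal sequences can point include() outside $baseDir.
function render_template_weak(string $template, string $baseDir): string
{
    return $baseDir . '/' . $template . '.php';
}

// Hardened pattern: the request value is only ever matched against a fixed
// allowlist, and the resolved path is checked to still live under $baseDir.
function resolve_template_safe(string $requested, string $baseDir): ?string
{
    $allowed = ['dashboard', 'settings', 'login_notice']; // hypothetical template set
    if (!in_array($requested, $allowed, true)) {
        return null; // unknown name: never touches the filesystem
    }
    $root = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '.php');
    // realpath() is false for missing files; the prefix check catches symlinks
    // or other tricks that would resolve an allowed name outside $root.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo on a temporary directory so the script runs stand-alone.
$tmp = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($tmp);
file_put_contents($tmp . '/dashboard.php', "<?php echo 'dashboard ok';");

var_dump(resolve_template_safe('dashboard', $tmp));          // string: real path of dashboard.php
var_dump(resolve_template_safe('../../config', $tmp));       // NULL: not in the allowlist
var_dump(resolve_template_safe('settings', $tmp));           // NULL: allowed name, file absent
var_dump(render_template_weak('../../config', $tmp));        // the unchecked concatenation

unlink($tmp . '/dashboard.php');
rmdir($tmp);
```

Only a path returned by resolve_template_safe() should ever be passed to include(); treating the allowlist as the sole source of template names removes the parameter as an attack surface regardless of what the request carries.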