CVE-2025-14427
Authorization Bypass in Shield Security Plugin Allows 2FA Disable
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_simple_firewall | wp_simple_firewall | 21.0.10 |
| shield_security | blocks_bots_protects_users_and_prevents_security_breaches | up to and including 21.0.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Shield Security WordPress plugin, which is designed to block bots, protect users, and prevent security breaches. Specifically, all versions up to and including 21.0.9 lack a proper capability check on the `MfaEmailDisable` action. This flaw allows authenticated attackers with Subscriber-level access or higher to disable the global Email Two-Factor Authentication (2FA) setting for the entire site without authorization.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers with low-level authenticated access (Subscriber or above) to disable the site's global Email 2FA protection. Disabling Email 2FA reduces the security of user accounts by removing an important layer of authentication, potentially making it easier for attackers to compromise accounts and gain further unauthorized access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the Shield Security plugin for WordPress is at or below version 21.0.9, as these versions lack the necessary capability check on the MfaEmailDisable action.
Since the vulnerability allows authenticated users with Subscriber-level access or higher to disable the global Email 2FA setting, monitoring for unexpected changes to the Email 2FA configuration or suspicious user actions related to MFA settings can help detect exploitation.
Specific commands are not provided in the available resources, but general approaches include:
- Review WordPress plugin version via WP-CLI: `wp plugin list` to verify the Shield Security plugin version.
- Audit WordPress user activity logs for changes to MFA or Email 2FA settings.
- Check for unauthorized modifications in plugin files or settings related to MFA.
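The version check described above, written out as an added example (not code from this page or from the plugin vendor): a POSIX shell script that reads the installed Shield Security version through WP-CLI and compares it component by component against the fixed release. The plugin slug `wp-simple-firewall` is an assumption based on the product name listed above; `vercmp` and `is_affected` are helper names chosen here.

```shell
#!/bin/sh
# Added example: does the installed Shield Security version fall in the range
# affected by CVE-2025-14427 (all versions <= 21.0.9; fixed in 21.0.10)?
FIXED_VERSION="21.0.10"
# Assumption: plugin slug as WP-CLI sees it (the page lists the product as wp_simple_firewall)
PLUGIN_SLUG="wp-simple-firewall"

# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B, comparing dotted numeric
# components one at a time (so 21.0.9 < 21.0.10, unlike a plain string compare).
vercmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
    case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
    # Keep only the leading digits of a component ("10-beta" -> "10"); a missing component counts as 0
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
    x=${x:-0}; y=${y:-0}
    [ "$x" -lt "$y" ] && { echo -1; return; }
    [ "$x" -gt "$y" ] && { echo 1; return; }
  done
  echo 0
}

# is_affected VERSION: succeeds (exit 0) when VERSION is older than the fixed release
is_affected() {
  [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# check_shield_version: query WP-CLI for the installed version and report.
# Exit 0 = affected, 1 = not affected, 2 = plugin not installed or WP-CLI unavailable.
check_shield_version() {
  installed=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
    echo "Shield Security not installed or WP-CLI unavailable"; return 2; }
  if is_affected "$installed"; then
    echo "Shield Security $installed is affected by CVE-2025-14427: update to $FIXED_VERSION or later"
    return 0
  fi
  echo "Shield Security $installed is not in the affected range"
  return 1
}

# Run the live check only when WP-CLI is on the PATH; otherwise the functions are just defined for sourcing
command -v wp >/dev/null 2>&1 && check_shield_version
```

Run it from the WordPress root (or with `--path`) as the user that normally runs WP-CLI; the exit status makes it usable from a fleet-wide inventory script.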
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to update the Shield Security plugin to version 21.0.10 or later, which includes security fixes addressing this vulnerability.
This update removes user-controllable action overrides and strengthens validation and error handling in MFA flows, preventing unauthorized disabling of Email 2FA.
Additionally, review and restrict user permissions to ensure that only trusted users have access levels that could affect MFA settings.
Monitor authentication logs for suspicious activity related to MFA settings until the update is applied.