CVE-2025-14427
Awaiting Analysis Awaiting Analysis - Queue
Authorization Bypass in Shield Security Plugin Allows 2FA Disable

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: Wordfence

Description
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-06-19
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-18
NVD
CVE-2025-14427
EUVD
EUVD-2025-207915
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wp_simple_firewall wp_simple_firewall 21.0.10
shield_security blocks_bots_protects_users_and_prevents_security_breaches to 21.0.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the Shield Security WordPress plugin, which is designed to block bots, protect users, and prevent security breaches. Specifically, all versions up to and including 21.0.9 lack a proper capability check on the `MfaEmailDisable` action. This flaw allows authenticated attackers with Subscriber-level access or higher to disable the global Email Two-Factor Authentication (2FA) setting for the entire site without authorization.

Impact Analysis

This vulnerability can impact you by allowing attackers with low-level authenticated access (Subscriber or above) to disable the site's global Email 2FA protection. Disabling Email 2FA reduces the security of user accounts by removing an important layer of authentication, potentially making it easier for attackers to compromise accounts and gain further unauthorized access.

Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability involves checking if the Shield Security plugin for WordPress is at or below version 21.0.9, as these versions lack the necessary capability check on the MfaEmailDisable action.

Since the vulnerability allows authenticated users with Subscriber-level access or higher to disable the global Email 2FA setting, monitoring for unexpected changes to the Email 2FA configuration or suspicious user actions related to MFA settings can help detect exploitation.

Specific commands are not provided in the available resources, but general approaches include:

  • Review WordPress plugin version via WP-CLI: `wp plugin list` to verify the Shield Security plugin version.
  • Audit WordPress user activity logs for changes to MFA or Email 2FA settings.
  • Check for unauthorized modifications in plugin files or settings related to MFA.
Mitigation Strategies

The primary immediate mitigation step is to update the Shield Security plugin to version 21.0.10 or later, which includes security fixes addressing this vulnerability.

This update removes user-controllable action overrides and strengthens validation and error handling in MFA flows, preventing unauthorized disabling of Email 2FA.

Additionally, review and restrict user permissions to ensure that only trusted users have access levels that could affect MFA settings.

Monitor authentication logs for suspicious activity related to MFA settings until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart