Title: Security warning by Shield Security
Last modified: May 8, 2020

---

# Security warning by Shield Security

 *  Resolved [gattringerot](https://wordpress.org/support/users/gattringerot/)
 * (@gattringerot)
 * [6 years ago](https://wordpress.org/support/topic/security-waring-by-shield-security/)
 * We have installed the Shield Security plugin. This is reporting a security risk by
   the plugin! [https://wpvulndb.com/vulnerabilities/9918](https://wpvulndb.com/vulnerabilities/9918)
   
   Is this fixed? We have installed the actual version 3.1.2 and the warning was still displayed.
   Please give us information on whether the XSS problem is fixed.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Marco Milesi](https://wordpress.org/support/users/milmor/)
 * (@milmor)
 * [6 years ago](https://wordpress.org/support/topic/security-waring-by-shield-security/#post-12801377)
 * Hi [@gattringerot](https://wordpress.org/support/users/gattringerot/),
   the XSS “risk” was only usable by a WordPress logged-in user **with admin role**:
   an **admin** could insert scripts in the cookie banner. I’ll contact them but it’s
   actually fixed, so feel confident about it.
 *  [ethicalhack3r](https://wordpress.org/support/users/ethicalhack3r/)
 * (@ethicalhack3r)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/security-waring-by-shield-security/#post-13018684)
 * Hi, Ryan here from wpvulndb.com.
 * We have been tracking the issue here; [https://wpvulndb.com/vulnerabilities/9918](https://wpvulndb.com/vulnerabilities/9918)
 * Your [fix in version 3.1](https://plugins.trac.wordpress.org/changeset/2176080)
   was not sufficient and could trivially be bypassed.
 * You would at least need to use WordPress’ [esc_html()](https://developer.wordpress.org/reference/functions/esc_html/)
   function.
 * If you could make that small change, we could mark it as fixed on our side.
 * Although, I agree, this issue is extremely low risk, as only an administrator
   user can take advantage of it, and the form has CSRF tokens in place.
 * Thanks!
 *  Plugin Author [Marco Milesi](https://wordpress.org/support/users/milmor/)
 * (@milmor)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/security-waring-by-shield-security/#post-13025204)
 * Hi [@ethicalhack3r](https://wordpress.org/support/users/ethicalhack3r/), version
   3.1.3 released with your suggested bugfix.
 * Please let me know if the problem is solved.
    Thank you and kind regards, Marco
 *  [ethicalhack3r](https://wordpress.org/support/users/ethicalhack3r/)
 * (@ethicalhack3r)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/security-waring-by-shield-security/#post-13025288)
 * Great, thanks! We’ve updated our entry to reflect the new changes.
 * [https://wpvulndb.com/vulnerabilities/9918](https://wpvulndb.com/vulnerabilities/9918)
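
As an added illustration of the escape-on-output fix recommended in this thread (not the plugin's actual code; the option, action and form field names are hypothetical), here is a banner setting saved by an administrator behind a capability and nonce check, then rendered with `esc_html()`, `esc_attr()` and `esc_url()` according to where each value lands in the markup:

```php
<?php
// Added example, not the plugin's code. The option name, action name and
// form field names below are hypothetical.
const EXAMPLE_BANNER_OPTION = 'example_cookie_banner';

// Save handler: admin-only, nonce-checked, values normalised before storage.
add_action( 'admin_post_example_save_banner', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 403 );
    }
    check_admin_referer( 'example_save_banner' ); // CSRF token check

    $raw = wp_unslash( $_POST );
    $url = is_string( $raw['more_url'] ?? null ) ? $raw['more_url'] : '';

    update_option( EXAMPLE_BANNER_OPTION, array(
        'message'  => sanitize_text_field( $raw['message'] ?? '' ),
        'button'   => sanitize_text_field( $raw['button'] ?? '' ),
        'more_url' => esc_url_raw( $url ),
    ) );

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
} );

// Front-end output: stored values are treated as untrusted and escaped for
// the context they are written into, regardless of what the save step did.
add_action( 'wp_footer', function () {
    $banner = wp_parse_args(
        get_option( EXAMPLE_BANNER_OPTION, array() ),
        array( 'message' => '', 'button' => '', 'more_url' => '' )
    );
    ?>
    <div class="example-cookie-banner">
        <p><?php echo esc_html( $banner['message'] ); ?></p>
        <?php if ( $banner['more_url'] ) : ?>
            <a href="<?php echo esc_url( $banner['more_url'] ); ?>">Read more</a>
        <?php endif; ?>
        <button type="button" aria-label="<?php echo esc_attr( $banner['button'] ); ?>">
            <?php echo esc_html( $banner['button'] ); ?>
        </button>
    </div>
    <?php
} );
```

Escaping at output is the part that matters for the issue discussed here: input-side filtering alone leaves any value already stored, or written by another code path, unescaped when it reaches the page.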

The topic ‘Security warning by Shield Security’ is closed to new replies.

 * [EU Cookie Law for GDPR/CCPA](https://wordpress.org/plugins/eu-cookie-law/)

## Tags

 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * 4 replies
 * 3 participants
 * Last reply from: [ethicalhack3r](https://wordpress.org/support/users/ethicalhack3r/)
 * Last activity: [5 years, 10 months ago](https://wordpress.org/support/topic/security-waring-by-shield-security/#post-13025288)
 * Status: resolved