CVE-2025-66077 WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through = 1.4.6...

WordPress plugin Legal Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Legal Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

Legal Pages < 1.3.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the moveToTrash and fetchandinserttemplatedata functions hooked via AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with...

WordPress Legal Pages Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Legal Pages Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46f7055dfcca Credits István Márton Required...

WordPress Legal Pages Plugin <= 1.0.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...