9 matches found
CVE-2025-67974
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through = 3.5.4...
CVE-2025-66077
CVE-2025-66077 affects WordPress plugin Legal Pages (versions up to 1.4.6). The issue is Missing Authorization / Broken Access Control due to incorrectly configured access levels. CVSS 3.1 base score 4.3 (Network/Low Confidentiality impact). Wordfence and other sources list the vulnerability as p...
CVE-2025-11816
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disconnectaccountrequest function in all versions up to, and including, 3.5.1. This makes i...
CVE-2025-48242
CVE-2025-48242 describes a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin Legal Pages, affecting versions up to 1.4.5. The issue lies in incorrectly configured access control, enabling unauthorized access due to insufficient authorization checks. Public references...
CVE-2025-23835
CVE-2025-23835 (NotFound Legal +) is a Reflected XSS vulnerability caused by improper input neutralization during web page generation. Affected product: Legal + (NotFound Legal +) up to version 1.0. Exploitation details: attacker may lure a user to a crafted URL; successful exploit leads to scrip...
CVE-2025-23835 WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jmraya Legal + legal-plus allows Reflected XSS.This issue affects Legal +: from n/a through = 1.0...
WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Legal + versions = 1.0...
WordPress Legal Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Legal Pages Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32451 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4f155bb44624 Credits Dhabaleshwar Das Requir...
WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software Legal Pages Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47824 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b92eaa57c24a Credits Brandon Roldan Required...