Lucene search
K

9 matches found

NVD
NVD
added 2026/02/20 4:22 p.m.5 views

CVE-2025-67974

Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through = 3.5.4...

7.5CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2025/11/21 12:29 p.m.11 views

CVE-2025-66077

CVE-2025-66077 affects WordPress plugin Legal Pages (versions up to 1.4.6). The issue is Missing Authorization / Broken Access Control due to incorrectly configured access levels. CVSS 3.1 base score 4.3 (Network/Low Confidentiality impact). Wordfence and other sources list the vulnerability as p...

5.3CVSS6.6AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/02 2:55 a.m.13 views

CVE-2025-11816

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disconnectaccountrequest function in all versions up to, and including, 3.5.1. This makes i...

5.3CVSS5.2AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 2:44 p.m.29 views

CVE-2025-48242

CVE-2025-48242 describes a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin Legal Pages, affecting versions up to 1.4.5. The issue lies in incorrectly configured access control, enabling unauthorized access due to insufficient authorization checks. Public references...

6.5CVSS5.9AI score0.00323EPSS
Exploits0References1
CVE
CVE
added 2025/01/23 3:29 p.m.55 views

CVE-2025-23835

CVE-2025-23835 (NotFound Legal +) is a Reflected XSS vulnerability caused by improper input neutralization during web page generation. Affected product: Legal + (NotFound Legal +) up to version 1.0. Exploitation details: attacker may lure a user to a crafted URL; successful exploit leads to scrip...

7.1CVSS7.2AI score0.00241EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/23 3:29 p.m.17 views

CVE-2025-23835 WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jmraya Legal + legal-plus allows Reflected XSS.This issue affects Legal +: from n/a through = 1.0...

7.1CVSS0.00241EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.4 views

WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Legal + versions = 1.0...

7.1CVSS6.1AI score0.00241EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.11 views

WordPress Legal Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Legal Pages Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32451 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4f155bb44624 Credits Dhabaleshwar Das Requir...

4.3CVSS7AI score0.00212EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/11/16 12:0 a.m.13 views

WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Legal Pages Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47824 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b92eaa57c24a Credits Brandon Roldan Required...

8.8CVSS6.6AI score0.00254EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder