14 matches found
CVE-2025-67974 WordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLegalPages: from n/a through <= 3.5.4...
WordPress WP Legal Pages plugin <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect vulnerability
Missing Authorization to Unauthenticated API Disconnect vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WPLegalPages versions <= 3.5.1...
EUVD-2015-9268
Malware in sbrugna...
WordPress WPLegalPages plugin <= 3.2.7 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Lucio Sá in WordPress Plugin WPLegalPages versions <= 3.2.7...
CVE-2023-4968
The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Cross site scripting
The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-4968
CVE-2023-4968 relates to the WordPress plugin WPLegalPages. The vulnerability is a Stored Cross-Site Scripting (XSS) in the shortcodes, specifically via the shortcode parameter of wplegalpage. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, allowing ...
CVE-2023-4968 WPLegalPages <= 2.9.2 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2021-25106
CVE-2021-25106 affects WPLegalPages WordPress plugin prior to 2.7.1. The vulnerability arises from missing authorization checks and a flawed CSRF mechanism when saving settings, enabling any authenticated user (e.g., subscriber) to update settings. Combined with inadequate input sanitisation/esca...
WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting. Run the below command in...
WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting. PoC: Run the below command...
CVE-2015-9428
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters...
CVE-2015-9428
The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters...
CVE-2015-9428
The vulnerability CVE-2015-9428 affects the WordPress plugin wplegalpages (pre-1.1). It enables a CSRF that can result in an XSS via admin.php?page=legal-pages with parameters such as lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-nich...