The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/47df802d-5200-484b-959c-9f569edf992e | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/47df802d-5200-484b-959c-9f569edf992e | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/47df802d-5200-484b-959c-9f569edf992e - Exploit, Third Party Advisory |
10 Feb 2022, 21:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://wpscan.com/vulnerability/47df802d-5200-484b-959c-9f569edf992e - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:wpeka:wplegalpages:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-79 |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-07 16:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25106
Mitre link : CVE-2021-25106
CVE.ORG link : CVE-2021-25106
JSON object : View
Products Affected
wpeka
- wplegalpages
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')