The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-07T15:47:23
Updated: 2024-08-03T19:56:09.976Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25106
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-07T16:15:45.840
Modified: 2024-11-21T05:54:21.790
Link: CVE-2021-25106
Redhat
No data.