Vulnerability Details CVE-2021-25106
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-25106
-
cpe:2.3:a:wpeka:wplegalpages:-
-
cpe:2.3:a:wpeka:wplegalpages:1.5.4
-
cpe:2.3:a:wpeka:wplegalpages:1.5.5
-
cpe:2.3:a:wpeka:wplegalpages:1.5.6
-
cpe:2.3:a:wpeka:wplegalpages:1.5.7
-
cpe:2.3:a:wpeka:wplegalpages:1.5.8
-
cpe:2.3:a:wpeka:wplegalpages:1.5.9
-
cpe:2.3:a:wpeka:wplegalpages:2.0.0
-
cpe:2.3:a:wpeka:wplegalpages:2.0.1
-
cpe:2.3:a:wpeka:wplegalpages:2.0.2
-
cpe:2.3:a:wpeka:wplegalpages:2.0.3
-
cpe:2.3:a:wpeka:wplegalpages:2.0.4
-
cpe:2.3:a:wpeka:wplegalpages:2.0.5
-
cpe:2.3:a:wpeka:wplegalpages:2.0.6
-
cpe:2.3:a:wpeka:wplegalpages:2.1
-
cpe:2.3:a:wpeka:wplegalpages:2.2
-
cpe:2.3:a:wpeka:wplegalpages:2.2.1
-
cpe:2.3:a:wpeka:wplegalpages:2.2.2
-
cpe:2.3:a:wpeka:wplegalpages:2.2.3
-
cpe:2.3:a:wpeka:wplegalpages:2.2.4
-
cpe:2.3:a:wpeka:wplegalpages:2.2.5
-
cpe:2.3:a:wpeka:wplegalpages:2.2.6
-
cpe:2.3:a:wpeka:wplegalpages:2.2.7
-
cpe:2.3:a:wpeka:wplegalpages:2.2.8
-
cpe:2.3:a:wpeka:wplegalpages:2.2.9
-
cpe:2.3:a:wpeka:wplegalpages:2.3.0
-
cpe:2.3:a:wpeka:wplegalpages:2.3.1
-
cpe:2.3:a:wpeka:wplegalpages:2.3.2
-
cpe:2.3:a:wpeka:wplegalpages:2.3.3
-
cpe:2.3:a:wpeka:wplegalpages:2.3.4
-
cpe:2.3:a:wpeka:wplegalpages:2.3.5
-
cpe:2.3:a:wpeka:wplegalpages:2.3.6
-
cpe:2.3:a:wpeka:wplegalpages:2.3.7
-
cpe:2.3:a:wpeka:wplegalpages:2.3.8
-
cpe:2.3:a:wpeka:wplegalpages:2.3.9
-
cpe:2.3:a:wpeka:wplegalpages:2.4.0
-
cpe:2.3:a:wpeka:wplegalpages:2.4.1
-
cpe:2.3:a:wpeka:wplegalpages:2.4.2
-
cpe:2.3:a:wpeka:wplegalpages:2.4.3
-
cpe:2.3:a:wpeka:wplegalpages:2.4.4
-
cpe:2.3:a:wpeka:wplegalpages:2.4.5
-
cpe:2.3:a:wpeka:wplegalpages:2.4.6
-
cpe:2.3:a:wpeka:wplegalpages:2.4.7
-
cpe:2.3:a:wpeka:wplegalpages:2.4.8
-
cpe:2.3:a:wpeka:wplegalpages:2.4.9
-
cpe:2.3:a:wpeka:wplegalpages:2.5.0
-
cpe:2.3:a:wpeka:wplegalpages:2.5.1
-
cpe:2.3:a:wpeka:wplegalpages:2.5.2
-
cpe:2.3:a:wpeka:wplegalpages:2.5.3
-
cpe:2.3:a:wpeka:wplegalpages:2.6.0
-
cpe:2.3:a:wpeka:wplegalpages:2.7.0