CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32451 – WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32451
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.4.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en wpWax Legal Pages. Este problema afecta a las páginas legales: desde n/a hasta 1.4.2. The Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the uninstall_reason_submission function. • https://patchstack.com/database/vulnerability/legal-pages/wordpress-legal-pages-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47824 – WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47824
16 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator en versiones <= 1.3.8. The Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. This is due to missin... • https://patchstack.com/database/vulnerability/legal-pages/wordpress-legal-pages-plugin-1-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50886 – WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50886
18 Sep 2023 — Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7. Cross-Site Request Forgery (CSRF), vulnerabilidad de autorización incorrecta en las páginas legales de wpWax. Este problema afecta a las páginas legales: desde n/a hasta 1.3.7. The Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteLegalTemplate() function in versions up to, and in... • https://patchstack.com/database/vulnerability/legal-pages/wordpress-legal-pages-plugin-1-3-7-broken-access-control-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization CWE-863: Incorrect Authorization •