Browse all 5 CVE security advisories affecting WP Legal Pages. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Legal Pages is a WordPress plugin designed to help websites generate legal documents like privacy policies and terms of conditions. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. The plugin has accumulated 5 CVEs to date, with several critical flaws allowing attackers to execute arbitrary code or gain elevated access. Security researchers have identified persistent issues in input validation and access control mechanisms, making it a recurring target in vulnerability scans. While no major public incidents have been widely documented, its vulnerability history suggests potential risks for websites failing to maintain updated versions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67974 | WordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerability — WPLegalPagesCWE-862 | 7.5 | High | 2026-02-20 |
This page lists every published CVE security advisory associated with WP Legal Pages. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.