Browse all 6 CVE security advisories affecting legalweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Legalweb provides legal document management and automation services for law firms and corporate legal departments. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely documented, the six CVEs on record highlight consistent issues with authentication mechanisms and insecure direct object references. The platform's exposure of sensitive legal data makes proper vulnerability remediation critical, as exploitation could lead to unauthorized document access or system compromise.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4283 | WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users | WP DSGVO Tools (GDPR) | CWE-862 | 9.1 | Critical | 2026-03-24 |
| CVE-2026-0914 | WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode | WP DSGVO Tools (GDPR) | CWE-79 | 6.4 | Medium | 2026-01-23 |
| CVE-2024-11761 | LegalWeb Cloud <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | LegalWeb Cloud | CWE-79 | 6.4 | Medium | 2024-11-28 |
| CVE-2024-3201 | WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | WP DSGVO Tools (GDPR) | CWE-79 | 6.4 | Medium | 2024-05-23 |
| CVE-2021-4358 | WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting | WP DSGVO Tools (GDPR) | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2021-42359 | WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion | WP DSGVO Tools (GDPR) | CWE-284 | 7.5 | High | 2021-11-05 |
This page lists every published CVE security advisory associated with legalweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.