CVE-2021-25106 — MEDIUM (5.4)

Q: How severe is CVE-2021-25106?

CVE-2021-25106 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25106?

Check the references section above for vendor advisories and patch information. Affected products include: Wpeka Wplegalpages.

Vulnerability Description

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wpeka	Wplegalpages	< 2.7.1

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/47df802d-5200-484b-959c-9f569edf992eExploitThird Party Advisory
https://wpscan.com/vulnerability/47df802d-5200-484b-959c-9f569edf992eExploitThird Party Advisory

FAQ

What is CVE-2021-25106?

CVE-2021-25106 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its se...

How severe is CVE-2021-25106?

CVE-2021-25106 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25106?

Check the references section above for vendor advisories and patch information. Affected products include: Wpeka Wplegalpages.