What the vulnerability does
Description
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through <= 1.4.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
The wpWax Legal Pages plugin contains an authorization flaw that allows authenticated users with low privileges to read sensitive data they should not be able to access. The vulnerability affects all versions up to and including 1.4.5. An attacker with a basic user account can retrieve confidential information without additional interaction. Site administrators should update to a version newer than 1.4.5 when available.
What an attacker can do
Read sensitive data they should not have access to.
Potential impact on your site
Confidential information may be exposed to any authenticated user, including subscribers or contributors.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.