What the vulnerability does
01Description
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.6.
Explanation of Vulnerability in Simple Terms
Legal Pages for wpWax contains a missing authorization flaw that allows unauthenticated attackers to modify content over the network. The vulnerability affects versions 1.4.6 and earlier. An attacker can alter data without needing valid credentials or user interaction. Site administrators should update to a version newer than 1.4.6 to remediate this issue.
What an attacker can do
Modify site content without authentication.
Potential impact on your site
Unauthorized users can alter pages, posts, or other content managed by the plugin.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities