WordPress Plugin Vulnerabilities

WP Legal Pages < 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wplegalpages
Fixed in 1.1

References

CVE
CVE-2015-9428
URL
http://cinu.pl/research/wp-plugins/mail_4e7cf11876edb93517405b69cb033741.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2d2535af-a8e5-4c12-8817-6595807af9d2

Timeline

Publicly Published
2015-08-21 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-12
Title
Short URL <= 1.6.8 - Reflected Cross-Site Scripting
Published
2025-04-01
Title
Breaking News WP <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-10-21
Title
Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-02-23
Title
MP3-jPlayer <= 1.8.7 - Cross-Site Scripting (XSS)
Published
2025-04-01
Title
Ebook Downloader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting