WordPress Plugin Vulnerabilities

WPLegalPages < 3.5.5 - Missing Authorization

Description

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
wplegalpages
Fixed in 3.5.5

References

CVE
CVE-2025-67974
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2935561-6c26-4c22-ab91-a13358a3c978

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
NumeX
Verified
No
WPVDB ID
4f23b3b7-2aab-4196-8c4c-aa9c5e1ce31f

Timeline

Publicly Published
2026-01-27 (about 3 months ago)
Added
2026-02-02 (about 3 months ago)
Last Updated
2026-02-02 (about 3 months ago)

Other

Published
Title
Published
2025-02-14
Title
Distance Based Shipping Calculator < 2.0.23 - Missing Authorization
Published
2026-04-21
Title
Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini < 1.4.3 - Missing Authorization
Published
2023-11-03
Title
Simple Job Board < 2.10.6 - Missing Authorization
Published
2025-12-04
Title
Voidek Employee Portal < 1.0.8 - Missing Authorization
Published
2025-12-11
Title
Modalier for Elementor <= 1.0.6 - Missing Authorization