CSRF Vulnerability in wpWax Legal Pages Affects Version 1.3.7
CVE-2023-50886

8HIGH

Key Information:

Vendor: WordPress
Status: Legal Pages
Vendor: CVE Published:; 15 March 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the wpWax Legal Pages Plugin for WordPress, which can lead to incorrect authorization issues. This affects versions from n/a through 1.3.7. Attackers may exploit this vulnerability to perform unwanted actions on behalf of authenticated users without their consent, potentially compromising user data and system integrity. It's crucial for users of the affected versions to apply security patches as they become available to mitigate these risks.

Affected Version(s)

Legal Pages <= 1.3.7

References

https://patchstack.com/database/vulnerability/legal-pages...

vdb-entry

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2024
Vulnerability Reserved
Dec 15, 2023

Credit

thiennv (Patchstack Alliance)