cleantalk
Vulnerabilities and Security Researches

Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages, CVE-2024-12636

CVE, Research URL

CVE-2024-12636

Home page URL

Security reports for Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages

Application

Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages

Published on
Dec 25, 2024
Research Description
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'create_popup_delete_process' function. This makes it possible for unauthenticated attackers to delete popups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 3.2.8.
Status
vulnerable
Previous vulnerability researches
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages (CVE-2025-67974) , Feb 28, 2026
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages (CVE-2025-8565) , Oct 11, 2025
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages (CVE-2021-25106) , Jun 06, 2024
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages (CVE-2025-11816) , Nov 10, 2025
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages (CVE-2015-9428) , Jun 06, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026