PT-2025-38306 · WordPress · Wordpress+1

Wesley · Published 2025-09-18 · Updated 2025-09-19 · CVE-2025-8565

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP Legal Pages plugin for WordPress versions up to and including 3.4.3

Description

The WP Legal Pages plugin for WordPress is susceptible to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() function. This allows authenticated attackers with Contributor-level access or higher to install arbitrary repository plugins.

Recommendations

Update WP Legal Pages plugin to a version later than 3.4.3. As a temporary workaround, restrict access for users with Contributor-level access and above.
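
For developers auditing similar handlers, the following added example (not the WP Legal Pages code and not the vendor's patch) shows an AJAX plugin-install handler with the authorization step this weakness class lacks. The action name, function name, nonce field and allow-listed slug are hypothetical.

```php
<?php
// Hypothetical handler: the names and the allow-list are assumptions, not WP Legal Pages code.
const EXAMPLE_ALLOWED_SLUGS = array( 'example-companion-plugin' ); // constructed slug

// wp_ajax_{action} fires for every logged-in user, Contributors included,
// so the callback must perform its own authorization.
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_ajax_handler' );

function example_install_plugin_ajax_handler() {
	// 1. CSRF: terminate the request unless it carries a valid nonce for this action.
	check_ajax_referer( 'example_install_plugin', 'nonce' );

	// 2. Authorization: the capability check whose absence the advisory describes.
	if ( ! current_user_can( 'install_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Input: accept only slugs the plugin itself intends to install.
	$slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
	if ( ! in_array( $slug, EXAMPLE_ALLOWED_SLUGS, true ) ) {
		wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
	}

	require_once ABSPATH . 'wp-admin/includes/file.php';
	require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	// Resolve the package URL from the WordPress.org repository.
	$api = plugins_api( 'plugin_information', array( 'slug' => $slug, 'fields' => array( 'sections' => false ) ) );
	if ( is_wp_error( $api ) ) {
		wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
	}

	// install() returns true on success; anything else is treated as failure.
	$upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
	$result   = $upgrader->install( $api->download_link );
	if ( true !== $result ) {
		$message = is_wp_error( $result ) ? $result->get_error_message() : 'Installation failed.';
		wp_send_json_error( array( 'message' => $message ), 500 );
	}

	wp_send_json_success( array( 'slug' => $slug ) );
}
```

The nonce check alone is not authorization: any role that can load the page that prints the nonce can obtain it, which is why the `current_user_can()` call is required in addition.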

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2025-8565

Affected Products

Wplegalpages
Wordpress