Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Security & Risk Analysis

wordpress.org/plugins/legal-pages

The best WordPress legal pages generator that comes with pre-made templates for GDPR, CCPA, DMCA, Privacy Policy, Terms & Conditions, Cookie Polic …

10K active installs · v1.5.0 · PHP + WP 4.0+ · Updated Jan 15, 2026
Tags: cookie-notice, gdpr, legal-documents, privacy-policy, terms-and-conditions
Score: 95 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Nov 21, 2025
Safety Verdict

Is Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Safe to Use in 2026?

Generally Safe

Score 95/100

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Nov 21, 2025 · Updated 2mo ago
Risk Assessment

The 'legal-pages' plugin v1.5.0 presents a mixed security posture. While it demonstrates good practices in SQL query handling (92% prepared statements) and a low number of file operations and external HTTP requests, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers lack authentication checks, creating a potential entry point for unauthorized actions.

The taint analysis did not reveal critical or high severity vulnerabilities, which is positive. However, the presence of "flows with unsanitized paths" is a red flag, even if not yet exploited in critical ways. This indicates potential weaknesses that could be leveraged with crafted input. The plugin's history of 7 medium severity CVEs, predominantly related to Missing Authorization and CSRF, reinforces the concern around unprotected entry points and improper access control.

Overall, the plugin has strengths in its secure database interaction and output escaping. However, the large number of unprotected AJAX handlers and the historical pattern of authorization and CSRF vulnerabilities suggest that attackers could exploit these weaknesses. While there are no currently unpatched CVEs, the inherent design flaws in the attack surface and past vulnerability types warrant cautious use and prompt updates.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths detected
  • History of medium severity CVEs (Missing Auth, CSRF)
  • Large attack surface without auth
Vulnerabilities: 7

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 3 CVEs
2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

Medium: 7

7 total CVEs

CVE-2025-66077 · medium · 5.3 · Missing Authorization
Legal Pages <= 1.4.6 - Missing Authorization
Nov 21, 2025 · Patched in 1.4.7 (5d)

CVE-2025-48242 · medium · 4.3 · Missing Authorization
Legal Pages <= 1.4.5 - Missing Authorization
May 19, 2025 · Patched in 1.4.6 (10d)

CVE-2024-32451 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Legal Pages <= 1.4.2 - Cross-Site Request Forgery
Apr 12, 2024 · Patched in 1.4.3 (6d)

CVE-2023-47824 · medium · 5.4 · Cross-Site Request Forgery (CSRF)
Legal Pages <= 1.3.8 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data
Nov 16, 2023 · Patched in 1.3.9 (68d)

WF-db0508dd-143f-4674-8193-d46967d2799f-legal-pages · medium · 4.3 · Missing Authorization
Legal Pages <= 1.3.8 - Missing Authorization
Nov 14, 2023 · Patched in 1.3.9 (70d)

CVE-2023-50886 · medium · 4.3 · Missing Authorization
Legal Pages <= 1.3.7 - Missing Authorization on 'deleteLegalTemplate'
Sep 18, 2023 · Patched in 1.3.8 (127d)

WF-84003388-c47c-41db-8d2d-4643aa375a89-legal-pages · medium · 4.3 · Missing Authorization
Appsero <= 1.2.1 - Missing Authorization
Dec 16, 2022 · Patched in 1.4.2 (699d)

Code Analysis
Analyzed Mar 16, 2026

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (12 prepared)
Unescaped Output: 43 (152 escaped)
Nonce Checks: 5
Capability Checks: 8
File Operations: 5
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

92% prepared · 13 total queries

Output Escaping

78% escaped · 195 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

8 flows · 4 with unsanitized paths
formActionUrl (includes\appsero\src\License.php:713)
Attack Surface: 8 unprotected

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Attack Surface

Entry Points: 13
Unprotected: 8

AJAX Handlers 12

auth · wp_ajax_general_info_handler · includes\classes\ADL_LP_ajax_handler.php:18
auth · wp_ajax_reset_general_info_handler · includes\classes\ADL_LP_ajax_handler.php:19
auth · wp_ajax_social_info_handler · includes\classes\ADL_LP_ajax_handler.php:20
auth · wp_ajax_reset_social_info_handler · includes\classes\ADL_LP_ajax_handler.php:21
auth · wp_ajax_misc_info_handler · includes\classes\ADL_LP_ajax_handler.php:22
auth · wp_ajax_loadCreateLpPage · includes\classes\ADL_LP_ajax_handler.php:23
auth · wp_ajax_fetch_and_insert_template_data · includes\classes\ADL_LP_ajax_handler.php:24
auth · wp_ajax_addNewLegalPage · includes\classes\ADL_LP_ajax_handler.php:25
auth · wp_ajax_moveToTrash · includes\classes\ADL_LP_ajax_handler.php:26
auth · wp_ajax_addNewLegalTemplate · includes\classes\ADL_LP_ajax_handler.php:27
auth · wp_ajax_editLegalTemplate · includes\classes\ADL_LP_ajax_handler.php:28
auth · wp_ajax_deleteLegalTemplate · includes\classes\ADL_LP_ajax_handler.php:29

Shortcodes 1

[wpwax_legal_page] main.php:37
WordPress Hooks 24
action · switch_theme · includes\appsero\src\Insights.php:134
action · switch_theme · includes\appsero\src\Insights.php:135
action · admin_footer · includes\appsero\src\Insights.php:147
action · admin_notices · includes\appsero\src\Insights.php:165
action · admin_init · includes\appsero\src\Insights.php:168
filter · cron_schedules · includes\appsero\src\Insights.php:174
action · admin_menu · includes\appsero\src\License.php:205
action · after_switch_theme · includes\appsero\src\License.php:704
action · switch_theme · includes\appsero\src\License.php:705
filter · pre_set_site_transient_update_plugins · includes\appsero\src\Updater.php:42
filter · plugins_api · includes\appsero\src\Updater.php:43
filter · pre_set_site_transient_update_themes · includes\appsero\src\Updater.php:52
action · pre_get_posts · includes\classes\ADL_LP_database.php:9
action · admin_enqueue_scripts · includes\classes\ADL_LP_enqueue.php:8
action · admin_menu · includes\classes\ADL_LP_general.php:9
action · admin_footer · includes\classes\ADL_LP_general.php:10
action · init · includes\classes\ADL_LP_helper.php:17
action · admin_notices · includes\classes\ADL_LP_helper.php:37
action · admin_init · includes\classes\ADL_LP_helper.php:39
action · add_meta_boxes · main.php:36
action · admin_notices · main.php:43
action · admin_init · main.php:242
action · plugins_loaded · main.php:245
filter · widget_text · main.php:249
Maintenance & Trust

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 15, 2026
PHP min version
Downloads: 229K

Community Trust

Rating: 86/100
Number of ratings: 29
Active installs: 10K
Developer Profile

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator Developer Profile

wpWax

15 plugins · 62K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 210 days
Detection Fingerprints

How We Detect Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/legal-pages/includes/assets/css/bootstrap.min.css
  • /wp-content/plugins/legal-pages/includes/assets/css/tabs.css
  • /wp-content/plugins/legal-pages/includes/assets/css/adl-lp-main.css
  • /wp-content/plugins/legal-pages/includes/assets/css/style.css
  • /wp-content/plugins/legal-pages/includes/assets/css/toastr.css
  • /wp-content/plugins/legal-pages/includes/assets/js/bootstrap.min.js
  • /wp-content/plugins/legal-pages/includes/assets/js/toastr.min.js
  • /wp-content/plugins/legal-pages/includes/assets/js/adl-lp-main.js
  +1 more
Script Paths
  • /wp-content/plugins/legal-pages/includes/assets/js/adl-lp-main.js
  • /wp-content/plugins/legal-pages/includes/assets/js/bootstrap.min.js
  • /wp-content/plugins/legal-pages/includes/assets/js/toastr.min.js
Version Parameters
  • adl-notice?ver=
  • adl-lp-bootstrap?ver=
  • adl-tabs?ver=
  • adl-main?ver=
  • style.css?ver=
  • toastr.css?ver=
  • bootstrap.min.js?ver=
  • toastr.min.js?ver=
  • adl-lp-main.js?ver=

HTML / DOM Fingerprints

CSS Classes
adl-lp-bootstrap
HTML Comments
  • <!-- DO NOT MODIFY THIS FILE -->
  • <!-- BEGIN GLOBAL MANDATORY STYLES -->
  • <!-- BEGIN PAGE LEVEL STYLES -->
  • <!-- END PAGE LEVEL STYLES -->
  +18 more
Data Attributes
  • data-target
  • data-toggle
  • data-dismiss
  • data-backdrop
  • data-keyboard
JS Globals
adl_lp_obj
Shortcode Output
<p>You do not have permission to view this content.</p>