CVE-2023-4687 PageLayer < 1.7.7 - Unauthenticated Stored XSS

2023-10-1619:39:02

WPScan

www.cve.org

pagelayer

wordpress plugin

cve-2023-4687

unauthenticated

stored xss

attackers

post header

post footer

0.001 Low

EPSS

Percentile

30.1%

JSON

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn’t prevent unauthenticated attackers from updating a post’s header or footer code on scheduled posts.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Page Builder: Pagelayer",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "1.3.2",
        "lessThan": "1.7.7"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/31596fc5-4203-40c4-9b0a-e8a37faafddd

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for CVELIST:CVE-2023-4687