Pagelayer Security Vulnerabilities
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
8.8CVSS
8.6AI Score
0.002EPSS
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce wa...
7.4CVSS
7.2AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.
6.1CVSS
6.4AI Score
0.001EPSS
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.
5.4CVSS
5.5AI Score
0.0004EPSS
The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations.
4.8CVSS
5.3AI Score
0.0004EPSS
The Page Builder: Pagelayer ā Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sa...
5.4CVSS
5.2AI Score
0.001EPSS