CVE-2023-5124

The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations...

WordPress PageLayer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.7.9 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5124 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID efa5efc51ff9 Credits Marc Montpas Required privileg...

CVE-2023-5124

creationtimestamp| type| source ---|---|--- 2024-01-29 16:26:14+00:00| seen| https://t.me/ctinow/175361 2024-02-05 19:16:53+00:00| seen| https://t.me/ctinow/179430 2024-02-21 16:11:27+00:00| seen| https://t.me/ctinow/189709...

CVE-2023-5124 PageLayer < 1.8.0 - Author+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations...

CVE-2023-5124

The CVE-2023-5124 issue affects Page Layer (Pagelayer) Page Builder for WordPress up to version 1.7.9. The vulnerability allows an attacker with Author+/Administrator privileges to inject malicious JavaScript into a post’s header/footer code, even when unfiltered_html is disallowed (notably in mu...