CVE-2023-6738

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields in all versions up to, and including, 1.7.8 due to insufficient input...

WordPress PageLayer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6738 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID daeb2645c329 Credits Nex Team Required privilege...

CVE-2023-6738

creationtimestamp| type| source ---|---|--- 2024-01-04 05:26:18+00:00| seen| https://t.me/ctinow/162770 2024-01-05 01:32:05+00:00| seen| https://t.me/cibsecurity/74392 2024-01-23 19:56:30+00:00| seen| https://t.me/ctinow/172263...

CVE-2023-6738

CVE-2023-6738 affects Page Builder: Pagelayer (WordPress). It is a Stored XSS via pagelayer_header_code, pagelayer_body_open_code, and pagelayer_footer_code meta fields in all versions up to 1.7.8. Exploitation requires contributor-level permissions and user interaction on the injected page. Root...

CVE-2023-6738 PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields in all versions up to, and including, 1.7.8 due to insufficient input...