Lucene search
K

93 matches found

RedhatCVE
RedhatCVE
added 2025/05/17 9:0 p.m.6 views

CVE-2024-8426

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.7 views

CVE-2024-8618

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00315EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-8618

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00315EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-8618 Page Builder: Pagelayer < 1.9.0- Admin+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00315EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.15 views

CVE-2024-8618 Page Builder: Pagelayer < 1.9.0- Admin+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00315EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.39 views

CVE-2024-8618

The CVE-2024-8618 entry concerns the Page Builder: Pagelayer WordPress plugin. The vulnerability affects versions prior to 1.9.0 and stems from insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowe...

4.8CVSS5.7AI score0.00315EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.18 views

CVE-2024-8426 Pagelayer < 1.8.8 - Admin+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.7 views

CVE-2024-8426 Pagelayer < 1.8.8 - Admin+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

6.2AI score0.00266EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21525 · WordPress · Pagelayer

Name of the Vulnerable Software and Affected Versions: Page Builder: Pagelayer versions prior to 1.9.0 Description: The issue concerns the Page Builder: Pagelayer WordPress plugin, where versions prior to 1.9.0 do not properly sanitise and escape some of its settings. This could allow...

4.8CVSS4.8AI score0.00315EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/03/14 7:58 p.m.20 views

CVE-2024-13430

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayerbuilderpostsshortcode' function due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS6.5AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2025/03/13 5:15 a.m.27 views

CVE-2025-2104

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayersavecontent function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with...

4.3CVSS0.00269EPSS
Exploits0References2
CVE
CVE
added 2025/03/13 4:21 a.m.71 views

CVE-2025-2104

CVE-2025-2104 affects Page Builder: Pagelayer (WordPress). The vulnerability arises from insufficient validation in pagelayer_save_content(), allowing authenticated attackers with Contributor-level access and above to bypass post moderation and publish posts. Affected versions: up to 1.9.8 per CV...

4.3CVSS4.5AI score0.00269EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/13 4:21 a.m.29 views

CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayersavecontent function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with...

4.3CVSS0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.3 views

WordPress plugin Page Builder: Pagelayer – Drag and Drop website builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Page Builder: Pagelayer - Dra...

4.3CVSS8.3AI score0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/12 8:21 a.m.7 views

CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayerbuilderpostsshortcode' function due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS4.4AI score0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/12 8:21 a.m.16 views

CVE-2024-13430 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayerbuilderpostsshortcode' function due to insufficient restrictions on which posts can be included. This makes it...

4.3CVSS0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.5 views

PT-2025-11002 · WordPress · Pagelayer

Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions up to, and including, 1.9.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private...

4.3CVSS9.2AI score0.00311EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/03/10 4:21 a.m.8 views

CVE-2025-1926 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayersavepost function. This makes it possible for...

4.3CVSS6.6AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/10 4:21 a.m.13 views

CVE-2025-1926 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayersavepost function. This makes it possible for...

4.3CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2025/03/10 4:21 a.m.64 views

CVE-2025-1926

The CVE concerns Page Builder: Pagelayer (WordPress) versions

4.3CVSS6.6AI score0.00155EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder