Lucene search
K

93 matches found

CNNVD
CNNVD
added 2023/10/16 12:0 a.m.5 views

WordPress plugin Page Builder: Pagelayer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.2AI score0.00415EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.8 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...

5.4CVSS5.6AI score0.00415EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2021/06/09 12:0 a.m.6 views

PageLayer Cross-Site Scripting Vulnerability

PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer, which stems from a lack of proper validation of client-side data in PageLayer prior to 1.3.5. An attacker can exploit this vulnerability t...

6.1CVSS6.2AI score0.00827EPSS
Exploits1References1
CNVD
CNVD
added 2021/01/06 12:0 a.m.5 views

WordPress PageLayer plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...

8.8CVSS6.7AI score0.00773EPSS
Exploits2References1
CNVD
CNVD
added 2021/01/06 12:0 a.m.3 views

WordPress PageLayer plugin license issue vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...

7.4CVSS6.5AI score0.01089EPSS
Exploits2References1
OSV
OSV
added 2021/01/01 4:15 a.m.3 views

CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

8.8CVSS7.3AI score0.00773EPSS
Exploits2References2
NVD
NVD
added 2021/01/01 4:15 a.m.26 views

CVE-2020-35947

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

7.4CVSS7.1AI score0.01089EPSS
Exploits2References2
NVD
NVD
added 2021/01/01 4:15 a.m.29 views

CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

8.8CVSS8.7AI score0.00773EPSS
Exploits2References2
Prion
Prion
added 2021/01/01 4:15 a.m.17 views

Authorization

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

6.5CVSS7.1AI score0.01089EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/01/01 4:15 a.m.23 views

Cross site request forgery (csrf)

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

6.8CVSS8.6AI score0.00773EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/01/01 3:28 a.m.26 views

CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

8.8CVSS8.7AI score0.00773EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/01/01 3:27 a.m.29 views

CVE-2020-35947

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

7.4CVSS7.5AI score0.01089EPSS
Exploits2References2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.6 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...

8.8CVSS5.7AI score0.00773EPSS
Exploits2References3
Rows per page
Query Builder