93 matches found
WordPress plugin Page Builder: Pagelayer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PageLayer < 1.7.8 - Author+ Stored XSS
Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...
PageLayer Cross-Site Scripting Vulnerability
PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer, which stems from a lack of proper validation of client-side data in PageLayer prior to 1.3.5. An attacker can exploit this vulnerability t...
WordPress PageLayer plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...
WordPress PageLayer plugin license issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...
CVE-2020-35944
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35944
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
Authorization
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
Cross site request forgery (csrf)
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
CVE-2020-35944
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
WordPress 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...