Lucene search
+L

285 matches found

Cvelist
Cvelist
added 2021/06/07 10:19 a.m.21 views

CVE-2020-36383

PageLayer before 1.3.5 allows reflected XSS via the font-size parameter...

6.1CVSS6.1AI score0.00827EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/06/07 10:19 a.m.18 views

CVE-2020-36384

PageLayer before 1.3.5 allows reflected XSS via color settings...

6.1CVSS6.1AI score0.00827EPSS
Exploits1References1
CVE
CVE
added 2021/06/07 10:19 a.m.43 views

CVE-2020-36384

PageLayer is a WordPress page builder plugin that prior to version 1.3.5 is affected by a reflected XSS vulnerability triggered via color settings. The root cause is insufficient validation of client-side data before 1.3.5. Exploitation details are not provided in the documents; no in-the-wild ex...

6.1CVSS6AI score0.00827EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.8 views

PageLayer 跨站脚本漏洞

PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer versions prior to 1.3.5, which originates from a program that can fire XSS via the font size parameter...

6.1CVSS5.9AI score0.00827EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.9 views

PageLayer 跨站脚本漏洞

PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer, which stems from a lack of proper validation of client-side data in PageLayer prior to 1.3.5. An attacker can exploit this vulnerability t...

6.1CVSS5.4AI score0.00827EPSS
Exploits1References2
CNVD
CNVD
added 2021/01/06 12:0 a.m.5 views

WordPress PageLayer plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...

8.8CVSS6.7AI score0.00773EPSS
Exploits2References1
CNVD
CNVD
added 2021/01/06 12:0 a.m.4 views

WordPress PageLayer plugin license issue vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...

7.4CVSS6.5AI score0.01089EPSS
Exploits2References1
OSV
OSV
added 2021/01/01 4:15 a.m.5 views

CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

8.8CVSS7.3AI score0.00773EPSS
Exploits2References2
OSV
OSV
added 2021/01/01 4:15 a.m.6 views

CVE-2020-35947

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

7.4CVSS5.8AI score0.01089EPSS
Exploits2References2
NVD
NVD
added 2021/01/01 4:15 a.m.26 views

CVE-2020-35947

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

7.4CVSS7.1AI score0.01089EPSS
Exploits2References2
NVD
NVD
added 2021/01/01 4:15 a.m.31 views

CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

8.8CVSS8.7AI score0.00773EPSS
Exploits2References2
Prion
Prion
added 2021/01/01 4:15 a.m.25 views

Cross site request forgery (csrf)

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

6.8CVSS8.6AI score0.00773EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/01/01 4:15 a.m.17 views

Authorization

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

6.5CVSS7.1AI score0.01089EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/01/01 3:28 a.m.28 views

CVE-2020-35944

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...

8.8CVSS8.7AI score0.00773EPSS
Exploits2References2
CVE
CVE
added 2021/01/01 3:28 a.m.113 views

CVE-2020-35944

The CVE refers to the WordPress PageLayer plugin (versions before 1.1.2). The underlying issue is CSRF in the pagelayer_settings_page function, which can lead to stored or reflected XSS as noted in multiple sources. Affected product: PageLayer WordPress plugin; vulnerable component: pagelayer_set...

8.8CVSS8.6AI score0.00773EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/01/01 3:27 a.m.31 views

CVE-2020-35947

An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...

7.4CVSS7.5AI score0.01089EPSS
Exploits2References2
CVE
CVE
added 2021/01/01 3:27 a.m.98 views

CVE-2020-35947

The PageLayer plugin for WordPress (before 1.1.2) has a vulnerability where nearly all AJAX actions perform without proper permission checks. Nonces were used as authorization on pages that publicly exposed the nonce, allowing any authenticated user to trigger actions, including pagelayer_save_co...

7.4CVSS7.2AI score0.01089EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.8 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...

8.8CVSS5.7AI score0.00773EPSS
Exploits2References3
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.7 views

WordPress 授权问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...

7.4CVSS5.7AI score0.01089EPSS
Exploits2References3
Patchstack
Patchstack
added 2020/12/10 12:0 a.m.6 views

WordPress PageLayer plugin <= 1.3.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Crosssite Scripting XSS vulnerability found by WordFence Threat Intelligence team in WordPress PageLayer plugin versions = 1.3.4. Solution Update the WordPress PageLayer plugin to the latest available version at least 1.3.5...

1.6AI score
Exploits0References2Affected Software1
Rows per page
Query Builder