285 matches found
CVE-2020-36383
PageLayer before 1.3.5 allows reflected XSS via the font-size parameter...
CVE-2020-36384
PageLayer before 1.3.5 allows reflected XSS via color settings...
CVE-2020-36384
PageLayer is a WordPress page builder plugin that prior to version 1.3.5 is affected by a reflected XSS vulnerability triggered via color settings. The root cause is insufficient validation of client-side data before 1.3.5. Exploitation details are not provided in the documents; no in-the-wild ex...
PageLayer 跨站脚本漏洞
PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer versions prior to 1.3.5, which originates from a program that can fire XSS via the font size parameter...
PageLayer 跨站脚本漏洞
PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer, which stems from a lack of proper validation of client-side data in PageLayer prior to 1.3.5. An attacker can exploit this vulnerability t...
WordPress PageLayer plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...
WordPress PageLayer plugin license issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...
CVE-2020-35944
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35944
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
Cross site request forgery (csrf)
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
Authorization
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35944
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayersettingspage function is vulnerable to CSRF, which can lead to XSS...
CVE-2020-35944
The CVE refers to the WordPress PageLayer plugin (versions before 1.1.2). The underlying issue is CSRF in the pagelayer_settings_page function, which can lead to stored or reflected XSS as noted in multiple sources. Affected product: PageLayer WordPress plugin; vulnerable component: pagelayer_set...
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35947
The PageLayer plugin for WordPress (before 1.1.2) has a vulnerability where nearly all AJAX actions perform without proper permission checks. Nonces were used as authorization on pages that publicly exposed the nonce, allowing any authenticated user to trigger actions, including pagelayer_save_co...
WordPress 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress PageLayer plugin versions prior to...
WordPress 授权问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...
WordPress PageLayer plugin <= 1.3.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Crosssite Scripting XSS vulnerability found by WordFence Threat Intelligence team in WordPress PageLayer plugin versions = 1.3.4. Solution Update the WordPress PageLayer plugin to the latest available version at least 1.3.5...