Lucene search
K

285 matches found

WPVulnDB
WPVulnDB
added 2020/12/10 12:0 a.m.11 views

Pagelayer < 1.3.5 - Multiple Reflected Cross-Site Scripting (XSS)

Multiple Cross-Site Scripting issues, via the font-size and color parameters of the Website Settings, were fixed in v1.3.5 of the plugin...

3.6AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2020/05/28 12:0 a.m.38 views

Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF leading to XSS

A flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection...

6.8CVSS0.5AI score0.00773EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2020/05/28 12:0 a.m.14 views

Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - Unprotected AJAX's leading to XSS

Nearly all of the AJAX action endpoints in this plugin failed to include permission checks allowing these actions to be executed by anyone authenticated on the site. The greatest impact was the pagelayersavecontent function that allowed pages to be modified and XSS to occur. PoC $wpuser, 'pwd' =...

6.5CVSS0.6AI score0.01089EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2020/05/28 12:0 a.m.51 views

Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - Unprotected AJAX's leading to XSS

Nearly all of the AJAX action endpoints in this plugin failed to include permission checks allowing these actions to be executed by anyone authenticated on the site. The greatest impact was the pagelayersavecontent function that allowed pages to be modified and XSS to occur. $wpuser, 'pwd' =...

6.5CVSS0.4AI score0.01089EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2020/05/28 12:0 a.m.21 views

Page Builder: PageLayer - Drag and Drop website builder < 1.1.2 - CSRF leading to XSS

A flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection. PoC...

6.8CVSS3.5AI score0.00773EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder