2 matches found
CVE-2020-35947
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce...
CVE-2020-35947
The PageLayer plugin for WordPress (before 1.1.2) has a vulnerability where nearly all AJAX actions perform without proper permission checks. Nonces were used as authorization on pages that publicly exposed the nonce, allowing any authenticated user to trigger actions, including pagelayer_save_co...