5 matches found
WordPress PageLayer Plugin < 1.7.7 is vulnerable to Cross Site Scripting (XSS)
Software PageLayer Type Plugin Vulnerable versions 1.7.7 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4687 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a2e6d35b385c Credits Marc Montpas Required...
CVE-2023-4687
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...
CVE-2023-4687 PageLayer < 1.7.7 - Unauthenticated Stored XSS
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...
CVE-2023-4687 PageLayer < 1.7.7 - Unauthenticated Stored XSS
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...
CVE-2023-4687
The CVE-2023-4687 entry concerns the WordPress PageLayer (Pagelayer) plugin, specifically versions before 1.7.7. The affected component is the Header/Body/Footer code editor used on scheduled posts. Root cause per reports is lack of input protection, enabling unauthenticated attackers to update a...