4 matches found
CVE-2024-1590
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-1590
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-1590
CVE-2024-1590 affects the WordPress Page Builder Pagelayer plugin (versions up to and including 1.8.2). The vulnerability is a Stored XSS in the Button Widget due to insufficient input sanitization and output escaping on user-supplied attributes. With contributor-level (or higher) authentication,...
WordPress PageLayer Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
Software PageLayer Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1590 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0aa1291fa051 Credits wesley wcraft Required privile...