5 matches found
CVE-2024-2504
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2504 Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2504
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attr' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2504
CVE-2024-2504 affects Page Builder: Pagelayer (WordPress plugin) up to version 1.8.4. The vulnerability is a stored XSS via the attr parameter caused by insufficient input sanitization/output escaping. Impact: authenticated users with Contributor+ can inject scripts that execute when any user loa...
WordPress PageLayer Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)
Software PageLayer Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2504 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ebbe1295ece7 Credits wesley wcraft Required privile...