4 matches found
CVE-2024-8426
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-8426 Pagelayer < 1.8.8 - Admin+ Stored XSS
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-8426 Pagelayer < 1.8.8 - Admin+ Stored XSS
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-8426
The CVE-2024-8426 entry concerns the Page Builder: Pagelayer WordPress plugin before version 1.8.8, where settings are not properly sanitized/escaped. This can allow high-privilege users (e.g., admins) to perform stored Cross-Site Scripting (XSS) attacks even when unfiltered_html is disallowed, a...