90 matches found
EUVD-2023-57427
Malicious code in bioql PyPI...
EUVD-2024-17334
Malicious code in bioql PyPI...
CVE-2024-13427
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-4223
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘loginurl’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4223
The Page Builder: Pagelayer WordPress plugin (CVE-2025-4223) is vulnerable to Reflected XSS via the login_url parameter in versions up to 2.0.0 due to insufficient input sanitization and output escaping. Attacks require a user to click a crafted link and execute within that user’s context; no exp...
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘loginurl’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-13427
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-13427
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is affected by CVE-2024-13427: a Stored Cross-Site Scripting vulnerability in the Button widget. Root cause: insufficient input sanitization and output escaping on user-supplied attributes. Affected versions: all up ...
CVE-2024-13427 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
PT-2025-22826 · WordPress · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions prior to 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button widget due to insufficient input sanitization an...
PT-2025-22839 · WordPress · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions up to, and including, 2.0.0 Description: The issue is related to Reflected Cross-Site Scripting via the login url parameter due to insufficient input...
WordPress Pagelayer plugin <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter vulnerability
Reflected Cross-Site Scripting via loginurl Parameter vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PageLayer versions = 2.0.0...
CVE-2024-1590
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2023-5124
The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations...
CVE-2023-6738
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields in all versions up to, and including, 1.7.8 due to insufficient input...
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...
WordPress Page Builder: Pagelayer plugin < 1.9.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin PageLayer versions 1.9.0...
CVE-2024-8426
The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-8618
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-8618
The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...