PT-2024-39003 · WordPress +1 · Pagelayer

Name of the Vulnerable Software and Affected Versions: Page Builder: Pagelayer versions prior to 1.8.8 Description: The issue concerns the Page Builder: Pagelayer WordPress plugin, where versions prior to 1.8.8 do not properly sanitise and escape some of its settings. This could allow high...

CVE-2024-30465 WordPress PageLayer plugin <= 1.8.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1...

WordPress plugin PageLayer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

WordPress PageLayer Plugin <= 1.8.1 is vulnerable to Broken Access Control

Software PageLayer Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30465 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc48f4fa9379 Credits Rafie Muhammad Patchstack Required...

WordPress PageLayer Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2504 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ebbe1295ece7 Credits wesley wcraft Required privile...

WordPress PageLayer Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2127 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0658bd2623bb Credits wesley wcraft Required privile...

WordPress PageLayer Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1590 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0aa1291fa051 Credits wesley wcraft Required privile...

PageLayer < 1.8.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Enter the following payload in...

WordPress PageLayer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6738 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID daeb2645c329 Credits Nex Team Required privilege...

CVE-2023-5124

The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations...

PageLayer < 1.8.0 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations. PoC - As a user with Author+ capabilities, create a new...

WordPress Plugin Page Builder: Pagelayer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PageLayer < 1.7.9 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress PageLayer Plugin < 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software PageLayer Type Plugin Vulnerable versions 1.7.8 Fixed in 1.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5087 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9bdb9d73e05c Credits Marc Montpas Required privilege...

CVE-2023-4687

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...

CVE-2023-4687 PageLayer < 1.7.7 - Unauthenticated Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...

CVE-2023-5087 PageLayer < 1.7.8 - Author+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...

WordPress plugin Page Builder: Pagelayer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...

PageLayer Cross-Site Scripting Vulnerability

PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer, which stems from a lack of proper validation of client-side data in PageLayer prior to 1.3.5. An attacker can exploit this vulnerability t...