5 matches found
PT-2026-49085
Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions prior to 2.1.0 Description Insufficient input sanitization and output escaping in the Anchor block allow authenticated attackers with contributor-level acces...
EUVD-2025-15226
Malicious code in bioql PyPI...
Code injection
The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations...
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...
Code injection
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...