6 matches found
CVE-2025-2104
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayersavecontent function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with...
CVE-2025-2104
CVE-2025-2104 affects Page Builder: Pagelayer (WordPress). The vulnerability arises from insufficient validation in pagelayer_save_content(), allowing authenticated attackers with Contributor-level access and above to bypass post moderation and publish posts. Affected versions: up to 1.9.8 per CV...
CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayersavecontent function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with...
CVE-2024-8667
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign function in all versions up to, and including, 2.10.0. This makes it possible for...
CVE-2024-8667 HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign function in all versions up to, and including, 2.10.0. This makes it possible for...
CVE-2024-8667
CVE-2024-8667: HurryTimer plugin for WordPress and WooCommerce vulnerable to unauthorized post publication due to missing capability check in activateCampaign() in versions up to 2.10.0. Authenticated attackers with contributor-level access or higher can publish arbitrary posts. Remediation: upgr...