Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pagelayer pagelayer vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-35944
An issue exists in the PageLayer plugin prior to 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
Pagelayer Pagelayer
7.4
CVSSv3
CVE-2020-35947
An issue exists in the PageLayer plugin prior to 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, b...
Pagelayer Pagelayer
5.4
CVSSv3
CVE-2023-6738
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions u...
Pagelayer Pagelayer
5.4
CVSSv3
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin prior to 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.
Pagelayer Pagelayer
4.8
CVSSv3
CVE-2023-5124
The Page Builder: Pagelayer WordPress plugin prior to 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress config...
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2020-36383
PageLayer prior to 1.3.5 allows reflected XSS via the font-size parameter.
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2020-36384
PageLayer prior to 1.3.5 allows reflected XSS via color settings.
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2023-4687
The Page Builder: Pagelayer WordPress plugin prior to 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.
Pagelayer Pagelayer
NA
CVE-2024-31383
Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a up to and including 1.2.4.
NA
CVE-2023-7115
The Page Builder: Pagelayer WordPress plugin prior to 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »