Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pagelayer pagelayer vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin prior to 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.
Pagelayer Pagelayer
4.8
CVSSv3
CVE-2023-5124
The Page Builder: Pagelayer WordPress plugin prior to 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress config...
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2020-36384
PageLayer prior to 1.3.5 allows reflected XSS via color settings.
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2020-36383
PageLayer prior to 1.3.5 allows reflected XSS via the font-size parameter.
Pagelayer Pagelayer
8.8
CVSSv3
CVE-2020-35944
An issue exists in the PageLayer plugin prior to 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
Pagelayer Pagelayer
7.4
CVSSv3
CVE-2020-35947
An issue exists in the PageLayer plugin prior to 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, b...
Pagelayer Pagelayer
5.4
CVSSv3
CVE-2023-6738
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions u...
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2023-4687
The Page Builder: Pagelayer WordPress plugin prior to 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.
Pagelayer Pagelayer
NA
CVE-2024-30465
Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a up to and including 1.8.1.
NA
CVE-2024-31383
Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a up to and including 1.2.4.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »