Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pagelayer pagelayer vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-4687
The Page Builder: Pagelayer WordPress plugin prior to 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.
Pagelayer Pagelayer
5.4
CVSSv3
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin prior to 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.
Pagelayer Pagelayer
5.4
CVSSv3
CVE-2023-6738
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions u...
Pagelayer Pagelayer
8.8
CVSSv3
CVE-2020-35944
An issue exists in the PageLayer plugin prior to 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
Pagelayer Pagelayer
7.4
CVSSv3
CVE-2020-35947
An issue exists in the PageLayer plugin prior to 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, b...
Pagelayer Pagelayer
4.8
CVSSv3
CVE-2023-5124
The Page Builder: Pagelayer WordPress plugin prior to 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress config...
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2020-36383
PageLayer prior to 1.3.5 allows reflected XSS via the font-size parameter.
Pagelayer Pagelayer
6.1
CVSSv3
CVE-2020-36384
PageLayer prior to 1.3.5 allows reflected XSS via color settings.
Pagelayer Pagelayer
NA
CVE-2024-31383
Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a up to and including 1.2.4.
NA
CVE-2023-7115
The Page Builder: Pagelayer WordPress plugin prior to 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »