Shodan
Vulnerabilities
Vulnerable Software
Pagelayer:  >> Pagelayer  >> 1.2.1  Security Vulnerabilities
CVE-2024-1590
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
4.6
EPSS Score
0.002
Published
2024-02-23
CVE-2023-5124
The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-01-29
CVE-2023-6738
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-04
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-16
CVE-2023-4687
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-10-16
CVE-2020-36384
PageLayer before 1.3.5 allows reflected XSS via color settings.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-07
CVE-2020-36383
PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved