CVE-2025-59580
- EPSS 0.08%
- Veröffentlicht 22.10.2025 14:32:39
- Zuletzt bearbeitet 20.01.2026 15:17:20
Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7.
CVE-2024-12163
- EPSS 0.08%
- Veröffentlicht 30.01.2025 06:15:29
- Zuletzt bearbeitet 09.06.2025 21:19:40
The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.
CVE-2024-11357
- EPSS 0.09%
- Veröffentlicht 02.01.2025 06:15:07
- Zuletzt bearbeitet 05.06.2025 21:00:35
The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2024-11200
- EPSS 3.69%
- Veröffentlicht 03.12.2024 14:15:19
- Zuletzt bearbeitet 03.12.2024 14:15:19
The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible fo...